In the wake of several high-profile hacks, President Barack Obama on Monday unveiled privacy legislation that would require U.S. companies to notify consumers within 30 days of discovering a cyber-security breach when sensitive information has been disclosed.
The 30-day standard included in the Personal Data Notification and Protection Act would, if the law passes, replace state laws on data-breach notification that differ from state to state. Companies that don’t comply would be subject to fines by the Federal Trade Commission.
In a speech to the Federal Trade Commission, Obama pitched his proposal as central to a growing economy in the 21st century, saying data breaches represent a serious danger to the financial security of all Americans.
“This is a direct threat to the economic security of American families and we’ve got to stop it,” he said. “If we’re going to be connected, then we’ve got to be protected. As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business.”
As the Huffington Post reports, the president’s announcement follows a number of successful hacks against U.S. companies, including Sony Pictures, Home Depot and Target, that “raised questions about the extent to which companies are responsible for stolen data.”
According to Reuters, lawmakers in Congress have struggled to come up with a way to replace the patchwork of state regulations.
“We applaud the president and his administration in their continued efforts to push and enact cyber- and data security policies that protect consumers while providing much-needed focus on concrete steps that can be taken now in order to protect consumers and businesses alike from cyber criminals,” said David French, a spokesman for the National Retail Federation.
Obama also proposed making overseas trade in stolen identities illegal.