In the wake of the massive breaches of Target, Home Depot, and Sony, President Obama urged Congress on Monday to pass a series of cybersecurity and privacy bills.
“This is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said in a speech at the Federal Trade Commission. “If we’re going to be connected, then we need to be protected. As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business.”
The president proposed the Personal Data Notification and Protection Act, which would require companies to notify their customers within 30 days if their personal information has been exposed. The bill quickly earned applause from business groups, who would prefer to comply with a single national notification standard rather than the current patchwork of state laws.
The bill would help consumers know their credit card has been stolen before the hackers are able to use it, Obama said.
He also outlined a new bill, the Student Digital Privacy Act, to restrict the ability of companies to mine the data of children. The measure, which is based on a California law, would prevent companies from selling student data to third parties for non-educational purposes or from targeting advertising to students based on data collected in schools.
Technology can allow for exciting new educational tools, Obama said, but companies should not abuse their access to students’ sensitive academic information.
“We’ve already seen some instances where some companies use educational technologies to collect student data for commercial purposes, like targeted advertising,” Obama said. “And parents have a legitimate concern about those kinds of practices.”
Jim Steyer, the CEO of children’s advocacy group Common Sense Media, said he is “thrilled” with the student privacy bill. Students, he said, “deserve the opportunity to use educational websites and apps to enrich their learning without fear that their personal information will be exploited for commercial purposes or fall into the wrong hands.”
The president also renewed his push for a sweeping Consumer Privacy Bill of Rights. Within 45 days, the White House plans to release legislative language to enshrine the principles into law.
The White House first outlined the online privacy rights in 2012 and urged Congress to take up the issue. But there has been little movement on the Hill, and no legislation has been introduced.
Marc Rotenberg, the executive director of the Electronic Privacy Information Center, said he supports the president’s bills on student and consumer privacy, but he has some concerns with the data-breach notification bill. “It would preempt stronger state laws, and it lacks a private right of action,” he explained.
Some privacy advocates noted that Obama’s proposals won’t address another critical privacy issue: the government’s access to information.
“We’re still waiting for reform on NSA and the Electronic Communication Privacy Act after years of intense effort and the creation of a very broad coalition of support,” said Justin Brookman of the Center for Democracy and Technology.
In addition to the legislative proposals, Obama also announced several steps he is taking on his own to bolster privacy protections. The White House secured commitments from 75 companies, including Apple and Microsoft, to provide privacy protections to students, teachers, and parents. The Energy Department released new voluntary guidelines for utilities to protect consumer electricity data.
JPMorganChase, Bank of America, USAA, and the State Employees’ Credit Union agreed to provide free credit scores to their members. “This means that a majority of American adults will have free access to their credit score, which is like an early warning system telling you you’ve been hit by fraud so you can deal with it fast,” Obama said.
The announcements were all part of a series of previews of Obama’s State of the Union address, which he will deliver next week.
The president will make more announcements later this week about his plans for cybersecurity and Internet access. On Tuesday, he will travel to the National Cybersecurity and Communications Integration Center to tout efforts to increase voluntary cybersecurity information-sharing between the private sector and the government.
On Wednesday, the president will go to Iowa, where he will announce a plan to increase affordable access to broadband. On Thursday, Vice President Joe Biden will travel to Norfolk, Va., to announce new funding to train Americans for cybersecurity jobs.
—This article was updated at 1:32 p.m.