Prodding Corporate America and Congress to Address Data Security and Privacy Issues in 2015
POSTED JANUARY 23, 2015
A special to USLAW NETWORK and USLAW DigiKnow
By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey
During President Obama’s recent State of the Union Address, he stated, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.” Thus, the President made clear to a deeply divided, partisan Congress that cyber security and privacy were top issues facing the country today and that legislation was needed to “…meet the evolving threat of cyber-attacks, combat identity theft and protect our children’s information.” On February 13, 2015, the White House will hold a Cybersecurity Summit at Stanford University. While it will take time for the proposed legislation to pass through Congress, public and private sector leaders from a cross section of industries will be attending the Summit to provide important input on the newly proposed standards.
Prior to his State of the Union Address, the President spoke at the Federal Trade Commission and National Cyber Security and Communications Integration Center outlining his plan to enact legislation for the protection of Americans from cyber-attacks, as well as to adopt better privacy legislation. The following are some of the highlights of his proposed plan:
- Federal Standard for Data Breach Notification
The proposed Personal Data Notification & Protection Act would require companies to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard. Currently, almost every state has a different law as to breach notification, making it both confusing and costly for consumers and companies to comply.
- Making Credit Scores Available to Customers
The President stated that under the new law, JPMorgan Chase and Bank of America, the USAA and State Employees’ Credit Union, and Ally Financial must make credit scores available to customers free of charge to help prevent and/or spot identity theft.
- Consumer Privacy Bill of Rights/Student Digital Privacy Act
The President announced the introduction of a Consumer Privacy Bill of Rights, which will give consumers the right to decide what personal data companies collect from them and how companies use that data; the right to know that their personal information collected for one purpose cannot then be misused by a company for a different purpose; and the right to have their information stored securely by companies that are accountable for its use. The President also revealed the introduction of the Student Digital Privacy Act, which will make sure that data collected in the educational context is used only for educational purposes. These companies would be prevented from selling student data to third parties and using the information for targeted advertising.
- Sharing of Information by Private Sector Businesses
The President intends to introduce cyber security legislation that will encourage private sector companies to share cyber threat information with the Department of Homeland Security’s National Cyber Security and Communications Integration Center (NCCIC), which in turn will share it with relevant federal agencies and the private sector. The legislation would also protect participating companies from liability and encourage private-sector businesses to share this information among themselves, while protecting the privacy of their customers by removing unnecessary personally identifiable information.
- Modernizing Law Enforcement
The President announced a push towards modernizing law enforcement authorities to combat cybercrime. The Administration’s proposal contains provisions that would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity.
While cyber-attacks and data breaches have been a serious threat for years, affecting consumers and the corporate world alike, the recent massive cyber-attack on Sony Entertainment Pictures has garnered much attention, thrusting the issues to the forefront of mainstream media. Ultimately, it will be extremely important to monitor President Obama’s 2015 legislative agenda as it passes through Congress to determine what impact, if any, it will have on cyber security and privacy issues facing our clients today. In the meantime, the President has made clear that should another destructive cyber-attack occur before legislation is enacted, Congress will have to answer to corporate America.