U.S. companies would be required to notify customers within 30 days of their personal information being compromised
(WASHINGTON) — President Barack Obama wants Congress to pass legislation requiring companies to inform customers within 30 days if their data has been hacked, a move that follows high-profile breaches at retailers including Target, Home Depot and Neiman Marcus.
A White House official said Obama will announce the proposed legislation Monday, along with a measure aimed at preventing companies from selling student data to third parties and from using information collected in school to engage in targeted advertising.
Obama’s proposals are part of a White House effort to preview components of the president’s State of the Union address in the lead-up to the Jan. 20 speech. The official, who insisted on anonymity, was not authorized to discuss the proposed legislation by name ahead of Obama’s speech at the Federal Trade Commission.
If passed by Congress, the Personal Data Notification and Protection Act could require U.S. companies to notify customers within 30 days of their personal information being compromised. Recent hackings have exposed the lack of uniform practices for alerting customers in the event of a breach.
The legislation would also make it a crime to sell customers’ identities overseas.
Obama’s proposals also follow last month’s hacking at Sony Pictures Entertainment. The White House has blamed the cyber attack on North Korea and responded with new sanctions against the isolated nation.
In addition to the customer notification legislation, Obama will also ask lawmakers to pass the Student Digital Privacy Act. The measure would prohibit companies from selling student data to third parties, a move spurred by the increased use of technology in schools that can scoop up personal information.
The White House official said the proposed bill is based on a California statute.
It’s unclear whether the new Republican-led Congress will take up either of Obama’s legislative proposals.