President Obama Proposes National Breach Notification Standard

In a speech at the Federal Trade Commission on January 12, 2015, President Obama proposed a nationwide breach notification standard that would require all U.S. companies to notify consumers of a breach within 30 days.

“In recent breaches, more than 100 million Americans have had their personal data compromised, like credit card information,” Obama said. “When these cyber criminals start racking up charges on your card, it can destroy your credit rating. It can turn your life upside down. It may take you months to get your finances back in order. So this is a direct threat to the economic security of American families and we’ve got to stop it.”

“Right now, almost every state has a different law on [breach notification], and it’s confusing for consumers and it’s confusing for companies — and it’s costly, too, to have to comply to this patchwork of laws,” Obama said.

The proposed Personal Data Notification and Protection Act, according to the White House, “clarifies and strengthens the obligations companies have to notify consumers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard. The proposal also criminalizes illicit overseas trade in identities.”

Tsion Gonen, chief strategy officer for Identity and Data Protection at Gemalto, told eSecurity Planet by email that the existing patchwork of data breach regulations in different states is a real problem. “The Personal Data Notification Act is an important step in changing the way companies implement appropriate security controls to protect customer data,” he said.

Read the Full Article: Source – eSecurity Planet
