Slashdot Mirror

← Back to Stories (view on slashdot.org)

Obama Proposes 30-Day Deadline For Disclosing Security Breaches

Posted by Soulskill on from the assuming-you-discover-it-within-30-days dept.

Following the string of massive data breaches at major corporations, President Obama has called for legislation that would standardize how these incidents are disclosed to the public. "The Personal Data Notification and Protection Act would demand a single, national standard requiring companies to inform their customers within 30 days of discovering their data has been hacked. In a speech Monday at the Federal Trade Commission, Mr. Obama said that the current patchwork of state laws does not protect Americans and is a burden for companies that do business across the country. The president also proposed the Student Data Privacy Act, which would prohibit technology firms from profiting from information collected in schools as teachers adopt tablets, online services and Internet-connected software. And he will announce voluntary agreements by companies to safeguard home energy data and to provide easy access to credit scores as an “early warning system” for identity theft.

2 of 125 comments (clear)

  1. Re:Not a bad idea... by Kierthos · · Score: 5, Informative

    It's 30 days from when it's been discovered, not when the breach actually happens. That way, if it happened months ago, and the IT guy is only detecting it now, they're not in any extra trouble for not reporting it, UNLESS they wait more than 30 days from the point of discovery.

    --
    Mr. Hu is not a ninja.
  2. Re:good luck with that by BillCable · · Score: 3, Informative

    I see the main problem being that these companies will be forced to disclose breaches while they still be in the midst of investigating and fixing them. I can see it taking more than 30 days to discover the breadth of a breach.