Slashdot Mirror


Obama Proposes 30-Day Deadline For Disclosing Security Breaches

Following the string of massive data breaches at major corporations, President Obama has called for legislation that would standardize how these incidents are disclosed to the public. "The Personal Data Notification and Protection Act would demand a single, national standard requiring companies to inform their customers within 30 days of discovering their data has been hacked. In a speech Monday at the Federal Trade Commission, Mr. Obama said that the current patchwork of state laws does not protect Americans and is a burden for companies that do business across the country. The president also proposed the Student Data Privacy Act, which would prohibit technology firms from profiting from information collected in schools as teachers adopt tablets, online services and Internet-connected software. And he will announce voluntary agreements by companies to safeguard home energy data and to provide easy access to credit scores as an “early warning system” for identity theft."

9 of 125 comments

  1. Yeah, okay by Anonymous Coward · Score: 4, Insightful

    He says as ISIS literally gets into the CENTCOM twitter account and posts military personnel's addresses/info, data from the Pentagon and other bullshit.

    I mean come the fuck on

    Data apocalypse now

  2. where was this during his first two years? by xxxJonBoyxxx · Score: 3, Insightful

    ...and where was this nifty idea (and the free college one too, and immigration reform, etc.) during his first two years in office (when the Congress was mostly Dems)?

    Why does he even bother to open his mouth now?

    1. Re:where was this during his first two years? by gstoddart · Score: 3, Insightful

      Why does he even bother to open his mouth now?

      Doesn't need to worry about getting re-elected ... doesn't need to care.

      --
      Lost at C:>. Found at C.
  3. Goose or Gander by Anonymous Coward · Score: 0, Insightful

    I wonder if it will require the same standard when the data has been breached by one of the government's letter soup agencies.

  4. Re:Not a bad idea... by jellomizer · Score: 2, Insightful

    So how would a small company know if their data has been hacked?
    You know the ones with perhaps 1 IT guy, who mainly just installs canned software and makes sure the computer works.
    The data could have been compromised for months without anyone knowing it.

    Part of the problem with the economy's slow recovery is difficulty in running a business. Adding restrictions on use of technology makes it much harder.

     

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. Re:good luck with that by Okian+Warrior · Score: 4, Insightful

    This will be considered 'anti-business' and the Republicans won't let it through Congress, just you watch.

    Yeah, and the Democratic president waited until *after* the Democrats lost power in the legislature before proposing it.

    It almost seems - dare I say it - that both parties are against the needs of the people!

  6. Re:If Obama were smart... by Obfuscant · Score: 3, Insightful

    * quickly negotiate a broad "consensus bill" for everything in the above list

    The use of riders to attach irrelevant legislation to other stuff is already too much of a problem, you want an entire bill made up of unrelated stuff as one package?

    * quickly get the bills pushed through both houses of Congress, giving the small-minority voices that are against the bills or which favor won't-pass amendments a chance to speak and be heard.

    It's nice you let them have a chance to "be heard". But consider this: the more unrelated things you put in one bucket, the more likely you are to reach a critical mass of people who object to something in that bucket and vote no just for that small part they object to. The entire bill fails for want of a smaller bucket.

  7. Re:If Obama were smart... by Jawnn · Score: 3, Insightful

    This is the GOP you're talking about. They're not interested in anything that isn't 100% of what they want...

    TFTFY.

  8. Re:Not a bad idea... by Yebyen · Score: 4, Insightful

    No! Just no!

    If you are a business in the business of making money, small or large, and you have taken my data for some business reason and are careless with it, you should be liable for whatever happens. Every time I hear about another retail company that is storing a bunch of credit cards against the law and PCI, who really doesn't need to be storing any credit card numbers at all, I say "Well no wonder. It was probably the fault of some poor overworked, underpaid IT department." Probably the sales department charged the clients not enough to cover the actual cost of operating the business, and they cut corners. You don't win bids pricing services reasonably, you have to undercut the competition!

    If you think that every company should have carte blanche to do just whatever with customer data, without regard to keeping it secure from hackers, because "computer hard, IT too expensive" then you are part of the problem. Until some of these companies that are gutted by hackers with their "secure" data splayed out all over the internet, get gutted again afterwards by regulators, or even customers leaving to hold them to account after the event, the executive suite is going to continue to place the security bulletin into the circular file and we are going to see more and more of these breaches.

    --
    Restating the obvious since nineteen aught five.