Slashdot Mirror

← Back to Stories (view on slashdot.org)

Obama Proposes 30-Day Deadline For Disclosing Security Breaches

Posted by Soulskill on from the assuming-you-discover-it-within-30-days dept.

Following the string of massive data breaches at major corporations, President Obama has called for legislation that would standardize how these incidents are disclosed to the public. "The Personal Data Notification and Protection Act would demand a single, national standard requiring companies to inform their customers within 30 days of discovering their data has been hacked. In a speech Monday at the Federal Trade Commission, Mr. Obama said that the current patchwork of state laws does not protect Americans and is a burden for companies that do business across the country. The president also proposed the Student Data Privacy Act, which would prohibit technology firms from profiting from information collected in schools as teachers adopt tablets, online services and Internet-connected software. And he will announce voluntary agreements by companies to safeguard home energy data and to provide easy access to credit scores as an “early warning system” for identity theft.

2 of 125 comments (clear)

  1. No chance in Hell this will pass... by Anonymous Coward · · Score: 4, Interesting

    This law sounds good, but it doesn't have a prayer:

    1: Who enforces it? Will it be as toothless as HIPAA or SOX, where the only person thrown in jail on Sarbanes-Oxley was guy who fished up one too many groupers?

    2: If enforced, where is there proof that the hole was discovered, and what date? I'm sure a H-1B will be darn sure to keep mum when he/she actually found the breach in order to not be deported.

    3: What is a breach? Is someone duping gold on ClicheQuest considered a breach? A warp hack? What about a web server showing the FTP server's links? The courts can be clogged for years of lawyers deliberating this... and when it comes to technical issues, courts tend to side with what side has the most lawyers.

    4: What happens when a breach and trade secrets smack into each other? A court erroring one way, and businesses can have their secret sauce dumped out by clever lawyers. Another way, and every breach can be covered up as a trade secret.

    5: Who is going to fund enforcement? The next President may not bother funding this endeavor.

    Nice political thing... but this law is actually not going to ever see the books. We will see mandated hardware DRM stacks and health checks to make sure DRM is present on all devices before we see this on the books and actively enforced.

  2. How about a law preventing SSN use for credit/ID? by StandardCell · · Score: 4, Interesting

    Of all the laws that hasn't been put forth that is most sorely needed in the market, it's a law to prevent private companies from using SSNs for ID numbers, customer identification and credit granting. How many people have had to spend thousands of dollars and years in court trying to get their identities back and repair the damage to their credit because they know a name, DoB, address and SSN?