May 24, 2020

May 22, 2020

Subscribe to Latest Legal News and Analysis

President Obama to Call For National Data Breach Notification Law and Other Cybersecurity Measures

About two years ago, President Obama signed an executive order on the date that he delivered his State of the Union address which directed certain federal agencies to develop voluntary standards for achieving cybersecurity. Preparing for his 2015 State of the Union address, Bloomberg and other news outlets are reporting this morning that President Obama will be proposing legislation, including the Personal Data Notification & Protection Act, designed to increase protections for personal data. This announcement comes in advance of the President’s visit to the Federal Trade Commission today, and apparently will be a topic during the coming State of the Union address later this month.

According to the reports, the President wants a national standard for data breach notification, one that requires notice to customers within 30 days of discovering the breach. Criminal sanctions also would be enacted for persons engaged in illegal trading of identities, the economic engine behind massive payment card breaches. The President’s proposal also would tighten protections for student data and consumer data pertaining to energy use. The President also will seek to enact into law provisions of the Consumer Privacy Bill of Rights that the White House issued in February 2012.

Over the past 10 or so years, there have been many calls for broad-based data security measures at the federal level, including a national data breach notification standard. Many members of the House and Senate proposed a number of laws in this area. Those efforts have largely failed. Whether the President’s call for action following a year of massive data breaches will yield a different result remains to be seen, particularly as the Republican Party has a stronger grip on the legislative branch.

Jackson Lewis P.C. © 2020


About this Author


Joseph J. Lazzarotti is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. He founded and currently helps to co-lead the firm's Privacy, e-Communication and Data Security Practice, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals.

In short, his practice focuses on the matrix of laws governing the privacy, security and management of data, as well as the impact and regulation of social media. He also...

973- 538-6890