WASHINGTON (AP) — President Barack Obama on Monday proposed strengthening laws against identity theft by requiring notification when consumer information is hacked and protecting students’ private data.
Obama also called for more free access to all consumer credit rating services. While customers can get annual credit reports free once a year, FICO credit scores typically cost money to obtain, although some banks have been offering them free to customers.
Obama applauded those companies for offering the service and called on more to do so. He said a credit score “is like an early warning system telling you that you’ve been hit by fraud so you can deal with it fast.”
Obama said identity theft is a growing problem that costs billions of dollars and can “turn your life upside down.” He said the age of technology and digital innovation has created enormous vulnerabilities for the U.S. and cited the recent hack on Sony Pictures Entertainment as an example.
“This is a direct threat to the economic security of American families and we’ve got to stop it,” Obama said in a speech at the Federal Trade Commission. “If we’re going to be connected, we need to be protected.”
Just as Obama finished speaking, the Twitter and YouTube accounts for U.S. Central Command were taken over by hackers who claimed to be working on behalf of Islamic State militants.
Obama, previewing a push he plans to make in the State of the Union address next week, wants Congress to pass legislation called the Personal Data Notification and Protection Act, which would require companies to inform customers within 30 days if their data has been hacked.
Recent hackings at retailers including Target, Home Depot and Neiman Marcus have exposed the lack of uniform practices for alerting customers in the event of a breach. The White House has blamed last month’s hacking at Sony Pictures Entertainment on North Korea and responded with new sanctions against the isolated nation.
Obama says every state currently has its own policy on when companies must notify consumers of a breach and that there should be a single standard across the country and baseline protections across industries. The legislation would also make it a crime to sell customers’ identities overseas.
He also wants to prevent companies from selling student data to third parties and from using information collected in school to engage in targeted advertising. The Student Digital Privacy Act would prohibit companies from selling student data to third parties, a move spurred by the increased use of technology in schools that can scoop up personal information.
“Data collected on students in the classroom should only be used for educational purposes – to teach our children, not to market to our children,” Obama said.
A White House official said the proposed bill is based on a California statute pushed by Common Sense Media, a group that promotes privacy. The organization said the proliferation of online platforms, mobile applications, cloud computing and other technology allows businesses to collect sensitive data about students including contact information, academic records, and even what students eat for lunch or whether they ride the bus to school.
Nowhere is cybersecurity more talked about, or costly, than in the banking industry. Banks often have to deal with unexpected expenses when a retailer is hit with a data breach, having to reissue millions of credit and debit cards to customers, often for free.
Jamie Dimon, CEO of JPMorgan Chase, has said the company is spending upward of $250 million a year on data security and expects that cost to increase. The Independent Community Bankers of America, the trade group for small, often regional banks, said its members issued 4 million new debit cards as a result of the Target breach last year, at a cost of $40 million.
With that in mind, industry lobbyists said banks are generally in favor of some sort of universal notification law when it comes to data breaches. The industry has also been pushing to get merchants to be required to use the same data security standards as banks.
“We’re very pleased and see this as a meaningful first step,” said Viveca Ware, an expert on data security with the ICBA.
The Center for Democracy & Technology also said it supports Obama’s moves to protect the data, while pointing out that his administration still uses electronic surveillance for national security purposes.
“Even with these proposed reforms, we must not forget about government surveillance reform,” said Nuala O’Connor, the group’s president. “Without the end to the mass surveillance practices of the U.S. government, any privacy reform is woefully incomplete.”
It’s unclear whether the new Republican-led Congress will take up Obama’s legislative proposals.