White House considers a 30-day limit for disclosure of data breaches
Companies should be compelled to inform customers of hacks, says Obama
President Obama is today due to propose new measures which would ensure companies inform their customers when their data may have been stolen, giving a 30 day period in which to let people know that they could have been compromised.
The Personal Data Notification and Protection Act, which Obama will put before the FTC later today, will attempt to ensure that customers are given ample warning to change login details and update banking security after hacking attempts and security breaches, hopefully limiting fraud and protecting user safety online. The 30 day limit would only apply in the US, but would likely tacitly enforce global disclosure.
"As cybersecurity threats and identity theft continue to rise, recent polls show that nine in 10 Americans feel they have in some way lost control of their personal information - and that can lead to less interaction with technology, less innovation and a less productive economy," a White House briefing document explains.
The move comes after a spate of recent cyber-security concerns, including the North Korea-lead infiltration into Sony which resulted in the cancellation of screenings of "The Interview", but the problem for consumers stretches much further back. For gamers, Sony was again at the centre of the most memorable breach when PSN's database was breached in 2011. The company was heavily criticised following the full disclosure of the timeline of those events, particularly for its decision to delay informing customers until well after it was aware that security details had been stolen.
Obama's government expects little opposition to the proposed bill, despite the president facing a Republican-dominated house. Whilst there are likely to be some accusations that the act is 'anti-business', the Senate's response to the Sony breach looks likely to have set a precendent for its attitude.