President Proposes New Laws on Consumer and Student Privacy and Data Breach Notification

January 14, 2015

On January 12, 2015, President Barack Obama announced that he plans to propose to Congress laws designed to protect the privacy of consumers’ personal and financial information and student data, as well as a national data breach notification law. President Obama spoke at the Federal Trade Commission in Washington, D.C. and stressed the importance of protecting Internet users from hackers. “If we’re going to be connected, then we need to be protected,” said the President. “As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do business.”

In his speech, the President called for the first national data breach notification law, reported the Los Angeles Times. Currently, 47 states have some type of law that requires companies to notify consumers when their data is breached. The federal proposal will implement a customer notification standard across the board and will require companies to issue this notification within 30 days of a data breach. According to the President, “we’re introducing new legislation to create a single, strong national standard so Americans know when their information has been stolen or misused.”

President Obama also announced that more banks, credit card issuers, and lenders, including Bank of America, J.P. Morgan Chase USAA, and Ally Financial, will join other financial companies in offering their customers free access to their FICO credit scores. According to The Wall Street Journal, FICO first launched the “Open Access” partnership program in November 2013 to work with banks and other financial companies in providing FICO credit scores to their customers for free.

The Consumer Privacy Bill of Rights, which was first proposed by the White House in 2012 but did not result in legislation, will require “basic baseline protections across industries.” These protections include allowing consumers to decide what kind of personal information companies can collect on them and how that information is used, and requiring companies to securely store that information.Draft legislation on the Consumer Privacy Bill of Rights will be released to the public in 45 days.

Finally, the President discussed the Student Digital Privacy Act, which will prohibit companies from using or selling students’ data to third parties for non-educational purposes. President Obama noted that this law is modeled after a student privacy bill that was enacted in California on September 29, 2014. California’s Student Online Personal Information Protection Act (SOPIPA) prohibits companies from selling K-12 student data and requires these companies to implement and maintain reasonable security procedures to protect the student data.

President Obama will be addressing these proposals to the nation in his State of the Union speech on January 20, 2015.

Biggest Data Breaches in Recent Years

The proposed legislation comes at the heels of some of the biggest data breaches in history. In November 2014, Sony Pictures Entertainment discovered that its company network had been hacked and thousands of files, including files containing confidential personal and medical information of current and former employees, were subsequently released on the Internet. In September 2014, Home Depot experienced its own data breach that compromised about 56 million of its customers’ debit and credit card information. Gibbs Law Group is currently representing plaintiffs in both cases who have had their personal information compromised as a result of the breaches.

On December 19, 2013, Target confirmed that a data breach had taken place in its stores, which potentially affected 40 million Target customers. Some of these customers’ debit and credit card information were sold on the black market. The firm’s founding partner, Daniel C. Girard, has been appointed to the Consumer Cases Steering Committee to coordinate litigation in this case and represent consumers impacted by the breach.

Gibbs Law Group is a national litigation firm with a consumer protection group that has represented millions of individuals in class action lawsuits and delivered significant recoveries and benefits for them. The firm also represents a proposed class of individuals whose data was exposed in the In re Adobe Systems, Inc. Privacy Litigation (Case No. 13-CV-05226-LHK), where Judge Lucy H. Koh of the U.S. District Court for the Northern District of California recently ruled that the plaintiffs had standing to sue based on an increased risk of future harm from the data breach. Partner Matthew B. George serves on the court-appointed lead counsel team to represent customers affected by the Adobe data breach.

If you believe your personal information has been compromised in a recent data breach and would like to learn more about your privacy rights, please contact a privacy attorney toll-free at (866) 981-4800 or by filling out the form to the right.