White House calls for new standard to alert consumers to data breaches

Reuters News
Posted: May 01, 2014 1:45 PM

WASHINGTON (Reuters) - The White House on Thursday called on Congress to pass legislation to create a national standard for telling consumers when their data has been hacked, one of six policy recommendations from a 90-day review of data and privacy.

A patchwork of state laws requiring disclosure of data breaches, such as the massive hack at retailer Target last December, but the rules vary in terms of when and how much notice must be given.

"As organizations store more information about individuals, Americans have a right to know if that information has been stolen or otherwise improperly exposed," said the report, led by John Podesta, a top advisor to President Barack Obama.

Obama asked for the review as part of his response to the revelations of ex-spy contractor Edward Snowden, who leaked information about the National Security Agency's data collection programs.

The Podesta review sought to examine consumer privacy given the reams of data collected and stored on the internet, from phones, and from sensors and cameras.

"We live in a world of near-ubiquitous data collection where that data is being crunched at a speed increasingly approaching real-time," the report said.

The 68-page review emphasized the ways that big data can be used for good in medical research and other fields, but said the government and private sector need to make sure laws are updated to protect privacy.

Its key recommendations would require action by Congress, which is unlikely to advance legislation ahead of midterm elections in November.

The White House said the Commerce Department is going start work on drafting a bill that would codify a "Consumer Privacy Bill of Rights" the White House drafted in 2012.

The report also concluded that Congress should update the Electronic Communications Privacy Act to better protect email that has been stored or left unread, the White House said in its report.

The review said agencies should look at how to apply the Privacy Act of 1974 to non-U.S. persons, and also find ways to identify and investigate when big data is being used to discriminate against people.

(Reporting by Roberta Rampton and Steve Holland; Editing by Sandra Maler)