The Rippleshot Data Breach Blog

President Obama Sets His Sights on National Data Breach Legislation

Written by Kaleigh Simmons | Jan 13, 2015 9:30:00 PM

During a speech at the Federal Trade Commission on Monday, President Obama outlined his plans on attacking several cybersecurity issues, including a legislative proposal to help protect the millions of Americans whose personal information has been compromised as a result of a data breach.

The Personal Data Notification & Protection Act is one of several pieces of proposed legislation by the president in an attempt to overhaul consumer cybersecurity. According to a report by Ponemon Institute, over 40% of companies experienced a data breach in the past year, up 10% from the year prior. The Nilson Report has seen payment card fraud grow 22% each year since 2009 and consumers are less confident than ever that financial institutions and merchants are taking the appropriate steps to protect them from fraud.

..the problem is growing, and it costs us billions of dollars.  In one survey, 9 out of 10 Americans say they feel like they’ve lost control of their personal information.  In recent breaches, more than 100 million Americans have had their personal data compromised, like credit card information.  When these cyber criminals start racking up charges on your card, it can destroy your credit rating.  It can turn your life upside down.  It may take you months to get your finances back in order.  So this is a direct threat to the economic security of American families and we’ve got to stop it.

So today I’m announcing new steps to protect the identities and privacy of the American people.  Let me list them for you.  First, we’re introducing new legislation to create a single, strong national standard so Americans know when their information has been stolen or misused.  Right now, almost every state has a different law on this, and it’s confusing for consumers and it’s confusing for companies -- and it’s costly, too, to have to comply to this patchwork of laws.  Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late.  So under the new standard that we’re proposing, companies would have to notify consumers of a breach within 30 days.  In addition, we’re proposing to close loopholes in the law so we can go after more criminals who steal and sell the identities of Americans —- even when they do it overseas.

While some states already meet this requirement, there are many more that leave the notification timeline incredibly vague with phrasing like "within the most expedient time possible and without unreasonable delay." This proposed data breach legislation could set a national standard for responses, pushing banks and merchants to find ways to detect breaches faster and notify consumers earlier.

Rippleshot detects data breaches on average four months faster than traditional methods. Download our case study bundle to see the impact Rippleshot would have made for companies like Target, Home Depot and Staples.