Push on for National Breach Notice LawWhite House Group Proposes Major Cybersecurity Initiatives
A White House working group exploring big data and privacy has proposed that Congress enact a national data breach notification law as well as legislation to define the government's role in cybersecurity.
The panel recommends that a national data breach notification law should be based on legislation proposed by the administration three years ago (see Obama Offers Breach Notification Bill), which would impose reasonable time periods for notification, minimize interference with law enforcement investigations and potentially prioritize notification about large, damaging incidents over less significant ones.
In the May 1 report - Big Data: Seizing Opportunities, Preserving Values - the working group, headed by presidential counselor John Podesta, also proposes legislation to:
- Synchronize laws regarding cybercrime with those of other types of crimes;
- More clearly define the role of the Department of Homeland Security in providing voluntary assistance to industry, states and local governments;
- Promote voluntary cyberthreat information sharing between industry and government with immunity from civil lawsuits;
- Codify the president's cybersecurity framework, in which critical infrastructure operators can voluntarily adopt IT security best practices (see The Evolving Cybersecurity Framework);
- Update the Federal Information Security Management Act, the law that governs federal government IT security, and formalize DHS's existing role in managing cybersecurity for civilian agencies;
- Furnish the government more flexibility in hiring qualified IT security specialists;
- Codify DHS's authority to oversee intrusion protection systems at civilian agencies; and
- Prevent states from requiring companies to build their data centers in their states, to help facilitate the growth of cloud computing.
Big Data Revolution
Podesta, writing in a White House blog, says the big data revolution presents incredible opportunities in virtually every sector of the economy and every corner of society, but it also presents privacy and security challenges that must be addressed. "No matter how quickly technology advances, it remains within our power to ensure that we both encourage innovation and protect our values through law, policy and the practices we encourage in the public and private sector," Podesta says.
The working group - whose members included Secretary of Commerce Penny Pritzker, Secretary of Energy Ernest Moniz, Presidential Science Adviser John Holdren and Presidential Economic Adviser Jeff Zients - also propose amending the Electronic Communications Privacy Act to ensure the standard of protection for online, digital content is consistent with that afforded in the physical world - including by removing archaic distinctions between e-mail left unread or over a certain age.
That proposal was praised by the American Civil Liberties Union. "By recognizing that online and offline communications should be treated the same, the report lays the groundwork for keeping everyone's e-mails, texts and photos private and secure," says Christopher Calabrese, ACLU legislative counsel. "Now Congress and the administration need to make this vision a reality by enacting ECPA reform without any loopholes."