In a move to spur the move to pin and chip cards President Obama signed an executive order directing government agencies to shift to the use of chip-and-PIN cards. The order directs the use of the more secure cards for use in consumer benefits programs, including Social Security.
At the Oct. 17 appearance at the federal Consumer Financial Protection Bureau, the President also announced a cyber security and consumer protection summit that will be hosted at the White House. The summit will bring together cabinet members and key industry players in the consumer financial sector to examine the best practices, advance adoption of stronger security standards and discuss next generation technologies.
“We are also calling on Congress to pass meaningful cyber security legislation that will help the government better protect federal networks and legislation that appropriately balances the need for greater information sharing and strong protection for privacy and civil liberties – respecting the longstanding responsibilities of civilian and military agencies,” Obama says.
President Obama also urged Congress to pass a national data breach notification law. According to the President the numerous differing state laws is unsustainable and benefits no one. “Today we are calling on Congress to act with urgency on data breach legislation, to bring clarity to the expectations consumers should have when their data has been breached, and to mandate steps companies must take to notify their customers of risks after such security breaches,” said the President.
Although the President is urging Congress to act Washington not changed. Many experts do not believe that a national data breach law is possible this year. Experts say that no bill has been introduced on Senate or House floors in the current Congress. Those familiar with the legislative process report that those who promote the law and those who would be subject to it cannot agree. Congress simply cannot agree on key provisions of data breach notification measures. Basically businesses want less stringent data breach notification rules than do consumer advocates.
“In some ways the inaction is remarkable,” says Peter Swire, senior fellow at the Future of Privacy Forum and professor at Georgia Tech’s Scheller College of Business. “We had spectacular data breaches involving tens of millions of consumers, and even that is not enough to prompt Congress into action.”
During the last four Congresses, the Senate Judiciary Committee has approved bipartisan data breach notification legislation. Sadly none of the bills ever came up for a vote. Chances of that happening in the current Congress don’t look good.
Even without federal data breach legislation data breach notification is regulated in most of the United States. Data breach law is enforced on a state-by-state basis. Currently 47 states have enacted data breach notification laws. You can examine your state data breach law at States Advance Breach Notification Laws. These state laws vary from one another and companies suffering data breaches can pick and choose what state laws they wish to follow. Many business groups would prefer to see a single, national statute to cut down on the paperwork involved in reporting data breaches.
Breaking it down
What President is saying is that the ones that are supposed to be working to protect us are clearly failing. Congress has exhibited a pathetic lack of desire to do what they are elected to do. In the past year we have seen massive data breaches that exposed the payment information of hundreds of millions of Americans. Does it look like Congress gives a damn? We have seen our government systems hacked and government employee personal information stolen. Has Congress done anythinh? We see our intellectual property stolen, medical records stolen and even military systems attacked and breached. And what are they doing in Washington? Nothing! Not a single data breach or cyber security law has even reached the floor for a vote. You might want to vote this election year. Why is Congress waiting for security advocates and companies to come to an agreement? We need our elected officials to act in the best interest of the citizens. They should have been up in arms about their constituents information being stolen. They should be but does it look that way to you?