The Pell Center’s work on cybersecurity has proven to be a step ahead when these topics reach the national stage.
President Barack Obama has previewed some of the key issues he plans to discuss during his State of the Union address, especially new cybersecurity initiatives in areas from ID theft to consumer privacy. One of the more notable proposals is the creation of a national data breach notification law that would require all companies and financial institutions to notify customers within 30 days of a breach that their personal information has been compromised. The new cybersecurity proposals also call for updated laws to prosecute cyber criminals.
“The spiraling increase in cyber-attacks and disruptions of service cannot go unanswered,” says Pell Center Adjunct Fellow Ellen Giblin. “The President must propose a new federal data breach law that brings together all stakeholders in this complex problem and allows for greater harmonization for companies in reporting data breaches and cyber-attacks.”
Pell Center Adjunct Fellow Ken Bell stressed that “specific, accurate, and timely notification of a breach is fundamental to give consumers and companies the ability to respond.”
Since January 2014, the Rhode Island Corporate Cybersecurity Initiative (RICCI), hosted by the Pell Center, has focused attention on data breaches. In September 2014, the Pell Center hosted a workshop for public and private leaders from across Rhode Island to review gaps in the current RI notification of breach law and to propose methods to strengthen the existing law.
Informed by the results of the Pell Center’s September workshop, RI State Senator Louis DiPalma introduced a comprehensive data breach notification bill. As Cyber Leadership Fellow Francesca Spidalieri explains, “the new law would raise the cost of data breaches in Rhode Island; better protect state customers’ personal information; provide state companies with a specific timeframe and process to follow in the case of a data breach; and define the role that state agencies and law enforcement would play in those instances. In addition, this law would apply to all companies that own, license, or manage RI residents’ personal information, and not just cover companies based in RI.”
Similarly, the bill proposed by President Obama intends to protect consumers while providing much-needed focus on concrete steps that can be taken in case of a breach. The president’s proposal would simplify the maze of state breach laws that currently exist. While most states, including Rhode Island, have existing data breach notification laws, there are no national standards.
Lawmakers have tried for nearly a decade to pass a federal bill to replace the patchwork of state laws, but have repeatedly failed, in part because either the laws went too far, or didn’t go far enough. DiPalma’s bill could be a model for the nation.
Additional cybersecurity proposals that the President is scheduled to announce include a Consumer Privacy Bill of Rights that would give consumers more control over their digital data; a Student Data Privacy Act, which would prevent information collected about students from being used for anything but educational purposes; and a broadband expansion plan.