In Big Data report, White House calls for national breach reporting standard
White House says new Chinese IT equipment rule may disrupt business without helping security
Senior White House officials have released a report reviewing Big Data and privacy concerns in the nation and called for the adoption of a national standard for reporting data breaches.
On Thursday, White House counselor John Podesta took to the White House blog to announce the findings of the review, which President Obama had requested in January. The President had charged Podesta with leading the effort to dissect the personal privacy implications of Big Data analytics, as well as its affect on the government and economy.
Podesta, and senior government officials, spent three months consulting with academic researchers, privacy advocates, technology experts, regulators, advertisers, civil rights groups and the public, as well as reviewing the results of a related study conducted by the President's Council of Advisors for Science and Technology. In addition, the White House jointly organized three conferences at high-profile universities, before presenting the 85-page report (PDF) to the President.
Senior officials made six key recommendations, including that a singular standard for data breach reporting be enacted.
“Congress should pass legislation that provides for a single national data breach standard along the lines of the Administration's May 2011 Cybersecurity legislative proposal [PDF],” the report said. “Such legislation should impose reasonable time periods for notification, minimize interference with law enforcement investigations, and potentially prioritize notification about large, damaging incidents over less significant incidents.”
Podesta noted that the majority of states adhere to their own data breach notification laws, but that Congress should act to provide a more cohesive, over-arching standard that organizations can follow.
Privacy and security buffs have long discussed the merits and challenges of having such legislation, but, in the past, efforts to create and pass uniform laws have stalled.
David Walton, co-chair of law firm Cozen O'Connor's privacy, data and cybersecurity group, told SCMagazine.com in a Friday interview that, while he was in support of a national breach standard being passed, it may still be an uphill battle.
“I think it would be great to have a national breach standard, because, unfortunately, we are just seeing the tip of the iceberg as far as breach activity,” Walton said. “On one hand, [state-by-state legislation] works because it's case specific, but, on the other hand, it's harder to counsel clients on a gray standard.”
He later contended that continuous and widespread breaches may have an impact on lawmakers.
“I don't think it would be any easier [to pass], but I do think there's great motivation for people to agree to something,” Walton said.