Senior White House officials have released a report reviewing Big Data and privacy concerns in the nation and called for the adoption of a national standard for reporting data breaches.
On Thursday, White House counselor John Podesta took to the White House blog to announce the findings of the review, which President Obama had requested in January. The President had charged Podesta with leading the effort to dissect the personal privacy implications of Big Data analytics, as well as its effect on the government and economy.
Podesta and senior government officials spent three months consulting with academic researchers, privacy advocates, technology experts, regulators, advertisers, civil rights groups and the public, as well as reviewing the results of a related study conducted by the President's Council of Advisors for Science and Technology. In addition, the White House jointly organized three conferences at high-profile universities before presenting the 85-page report (PDF) to the President.
Senior officials made six key recommendations, including that a single standard for data breach reporting be enacted.
“Congress should pass legislation that provides for a single national data breach standard along the lines of the Administration's May 2011 Cybersecurity legislative proposal [PDF],” the report said. “Such legislation should impose reasonable time periods for notification, minimize interference with law enforcement investigations, and potentially prioritize notification about large, damaging incidents over less significant incidents.”
Podesta noted that the majority of states adhere to their own data breach notification laws, but that Congress should act to provide a more cohesive, over-arching standard that organizations can follow.
Privacy and security buffs have long discussed the merits and challenges of having such legislation, but, in the past, efforts to create and pass uniform laws have stalled.
David Walton, co-chair of law firm Cozen O'Connor's privacy, data and cybersecurity group, told SCMagazine.com in a Friday interview that, while he was in support of a national breach standard being passed, it may still be an uphill battle.
“I think it would be great to have a national breach standard, because, unfortunately, we are just seeing the tip of the iceberg as far as breach activity,” Walton said. “On one hand, [state-by-state legislation] works because it's case specific, but, on the other hand, it's harder to counsel clients on a gray standard.”
He later contended that continuous and widespread breaches may have an impact on lawmakers.
“I don't think it would be any easier [to pass], but I do think there's great motivation for people to agree to something,” Walton said.
In a Friday email correspondence with SCMagazine.com, Ed McNicholas, co-leader of Sidley Austin's Privacy, Data Security and Information Law practice, said that the major holiday breach at Target "has led to a growing awareness that almost all companies are vulnerable to similar breaches, regardless of the rigor of their information security protections."
He added that varying state laws on breach notification "complicates the analysis of the situation, slows the process, and confuses consumers."
In the Big Data report, White House advisors also made five other recommendations to President Obama, including that the Department of Commerce consider updating the Consumer Privacy Bill of Rights; privacy safeguards be extended to non-U.S. citizens pertaining to the government's handling of their personally identifiable information (PII); and agencies investigate “discriminatory outcomes” of big data analytics.
In addition, officials said that the Electronic Communications Privacy Act (ECPA) should be amended to remain relevant in today's digital age, and that the government must ensure the protection of student data collected for educational purposes.