By Rachna Kapur

Last week, The White House and President Obama announced a comprehensive reform to the nation’s consumer protection and data privacy regimes.[1] Currently, consumer protection laws regarding data and privacy are implemented at the state level. There is no comprehensive federal law regarding the protection of personal information on the Internet. In 2012, President Obama released a blueprint for addressing consumer privacy initiatives.[2] As a result, working groups were established to analyze issues related to big data and privacy.[3] However, no legislation was initiated or passed in order to address these issues. Now, there is an initiative from the Obama administration to pass such a law.[4] This announcement comes at a time when various fronts have attacked the Internet and data privacy regime in the United States is under fire from various fronts. Primarily, the Sony Pictures-North Korea hacking incident in December 2014 left many wondering if our nation is susceptible to Internet terrorism.[5]

Internet terrorism, however, is not explicitly addressed in the announced legislation. In the proposed package, President Obama’s goal is to strengthen the bond between consumer and company by requiring companies to notify the customer when a data breach has occurred.[6]This is intended to instill trust in the consumer by ensuring them that the company will work harder to protect their information and interests.[7]In this regard, this proposed law would harmonize current state laws. Currently, forty-seven states have similar legislation requiring companies to notify consumers within 30 days of a security breach.[8]While some states, such as California, have implemented stronger legislation, others such as South Dakota and New Mexico have no similar laws on the books.[9] New federal legislation would help provide all Americans with a basic standard of privacy protections, and also pave the way for creating a broader consumer privacy regime. In addition to protecting citizens’ information, the law also aims to tighten current identity theft laws by notifying consumers when their data and personal information have been breached.[10] The law will also allow consumers to have easier access to credit scores and reports, thereby helping them to spot identity theft faster.[11]

One of the more interesting developments in President Obama’s announcement is the development of a data privacy initiative specifically for students. The legislation will most likely enact the monumental California law, the Student Online Information Protection Act (SOIPA), on a national level.[12] The SOIPA restricts the use of students’ educational data for third parties by prohibiting them from selling information of K-12 students for non-educational purposes.[13] This law arose when Google came under fire for monitoring and collecting information on students via email and other accounts without disclosing that they were gathering information and how they were using the it.[14] The White House announced that the proposed federal law would be modeled after the SOIPA in order to protect K-12 students as they increasingly utilize technology to further their education.[15]

Despite strengthening many aspects of the current consumer privacy and protection regime, the announced legislation does not guarantee that consumer’s rights will be fully protected. While it does propose a consumer protection bill of rights, there is no guarantee that it will comprehensively address the needs of all consumers.[16] The Department of Commerce began its public comment period on this bill, but it is still unclear in what direction this bill will go.[17] This announcement proves to be a step in the right direction for consumer protection and Internet privacy in the Untied States, but it remains to be seen how much the legislation will actually protect consumers once it goes through the congressional pipeline.

[1] See Press Release, The White House, Fact Sheet; Safeguarding American Consumers and Families (January 12, 2015) (on file with author).

[2] See id.

[3] See id.

[4] See id.

[5] See Doina Chiacu, Obama Turns Focus to Internet Security, Privacy, Reuters (Jan. 10, 2015, 2:45 PM), https://www.reuters.com/article/2015/01/10/us-usa-obama-cybersecurity-idUSKBN0KJ0KF20150110.

[6] See id.

[7] See id.

[8] See Seth Rosenblatt, Obama’s Data-breach Initiative has Privacy Advocates Optimistic, Cautious, Cnet (Jan. 13, 2015, 5:00 AM), https://www.cnet.com/news/obama-data-breach-plan-has-privacy-advocates-optimistic-cautious/.

[9] See id.

[10] See White House, supra note 1.

[11] See id.

[12] See id.

[13] See Cal. Bus. & Prof. Code § 22584 (Deering 2015).

[14] See Benjamin Herold, ‘Landmark’ Student-Data-Privacy Law Enacted in California, Education Week (Sept. 30, 2014 10:10 AM), https://blogs.edweek.org/edweek/DigitalEducation/2014/09/_landmark_student-data-privacy.html.

[15] See White House, supra note 1.

[16] See id.

[17] See id.