The Washington Post

Obama proposes legislation on data breaches, student privacy

This post has been updated. 

President Obama unveiled legislation to help protect consumers and students against cyberattacks Monday afternoon, as the Twitter and YouTube accounts of the U.S. Military’s Central Command were apparently hacked.

"AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS," read one of numerous posts now on the military's Twitter account. It used the hashtag #CyberCaliphate. The hackers also posted apparent personal information about members of the military and photos from inside bases. In a statement, CENTCOM confirmed that its Twitter account had been “compromised” and said it “is taking appropriate measures to address the matter.” The statement did not elaborate on the extent or seriousness of the hack or who may have been responsible.

The apparent hack came as Obama called for companies to be more transparent with customers after data breaches and protect the privacy of students who use the Internet in the classroom.

The theft of personal financial information "is a direct threat to the economic security of American families and we've got to stop it," Obama said.

Obama's plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce; Obama's plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities.

"The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy," Obama said. "The more companies strengthen their cybersecurity, the harder it is for hackers to steal consumer information and hurt American families."

The proposal comes in the wake of major data breaches at retailers nationwide, including Home Depot and Staples, and large corporations including Sony.

Obama said that America can be a pioneer in crafting robust cybersecurity measures.

"We pioneered the Internet, but we also pioneered the Bill of Rights, and a sense that each of us as individuals have a sphere of privacy around us that should not be breached, whether by our government, but also by commercial interests," he said.

Obama also announced that JPMorgan Chase, Bank of America and other financial institutions will make free credit reports available to their customers as a way to make people aware that their credit scores may be hurt if their financial information is compromised. In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would "preempt stronger state laws" about how and when companies have to notify consumers.

Obama unveiled the Student Digital Privacy Act, which would ensure that data entered would be used only for educational purposes. The proposal would prohibit companies from selling student data to third-party companies for purposes other than education. Seventy-five companies have signed a pledge stating that they will not misuse data from online education programs.

"We’re saying that data collected on students in the classroom should only be used for educational purposes — to teach our children, not to market to our children," Obama said.

The proposal is modeled on a California law enacted last year that protects student data.

The president plans to introduce legislation creating a Consumer Privacy Bill of Rights, which would help further protect consumer privacy and beef up security for companies that keep personal data.

The president also called for consumer electricity data to be protected, including energy usage that typically appears on an online bill. The Department of Energy and the Federal Smart Grid Task Force will release a voluntary code of conduct for providers and third parties governing how that information should be used.

Craig Whitlock contributed reporting.