President Obama's call for a national data breach notification law is being cheered by the Direct Marketing Association, which has long lobbied for a national standard.
“DMA agrees with President Obama that the time has come to replace the patchwork of state laws,” Peggy Hudson, DMA’s senior vice president of government affairs, said in a statement issued on Monday evening. She added that the various state laws confuse consumers and create “burdensome compliance costs for business.”
Obama said earlier today that the White House intends to introduce new privacy measures, including a bill that would require companies to notify consumers within 30 days of a data breach.
Not all observers favor a national standard for when companies must notify consumers about cybersecurity breaches. The organization Consumer Watchdog said today that any federal legislation shouldn't trump more stringent state laws.
“It’s good that the president has re-focused on privacy and data security issues, but it would be terrible his proposals preempt stronger state laws and offer less protection,” John Simpson, Consumer Watchdog’s Privacy Project director, said in a statement. “Any national consumer privacy laws should be a floor, not a ceiling. States must be allowed to enact stronger measures.”
Obama also said the White House is readying other privacy measures, including a bill to prohibit companies from using educational data to send behaviorally targeted ads to students.
Sens. Ed Markey (D-Mass.) and Orrin Hatch (R-Utah) responded to Obama's statement by pointing out that they previously introduced legislation aimed at protecting students' privacy. “It is…. important that students’ information is used only to better their success in the classroom, and not for other purposes," they said in a statement. "However, in doing so we must make certain not to impede the exciting and innovative ways technology can help to improve student outcomes.”