March 03, 2015

What President Obama Has to Say About Information Security

“If we’re going to be connected, then we need to be protected,” said President Barack Obama in a speech made at the Federal Trade Commission in Washington in mid-January.

“We shouldn't have to forfeit our basic privacy when we go online to do our business.”

But as information security professionals and organizations such as the National Consumer Protection Week (NCPW) keep reminding consumers and workplaces, the risk of an information security breach occurring these days is huge.

There are many statistics to back this up. President Obama cited one survey that showed 9/10 Americans say they feel like they’ve lost control of their personal information. He said more than 100 million Americans have had personal data such as their credit card information compromised in recent breaches.

The NCPW campaign, which is running across the country from March 1st-7th, 2015, provides consumers and businesses with resources and other information to help them make better-informed decisions about different matters including information security and privacy.

In other security news, President Obama highlighted the importance of increased cybersecurity in his State of the Union Address in January.

How would some of the protective strategies he proposed affect the information security landscape for consumers and businesses?

  • Standardized breach notification. Right now almost every state has a different notification law, and it can be very confusing. President Obama proposed a national Personal Data Notification and Protection Act – so Americans would know when their information has been stolen or misused. Companies would have to notify consumers of a breach within 30 days.
  • Free access to consumer credit scores. The President is encouraging companies to provide credit score information to consumers free of charge. Credit scores can provide early warnings of fraud incidents. As a result, consumers would be able to deal with problems faster.
  • Consumer Privacy Bill of Rights. An enforceable code of conduct would empower consumers. For example, they would have the right to decide what personal data companies can collect and how companies can use that data. Also, any organization that handles private information would have to be accountable and information would have to be stored and managed securely.
  • More effective law enforcement. President Obama proposed closing loopholes in the law so law enforcement agencies would be better equipped to catch identity thieves.
  • Privacy for children. Citing Facebook, texting and other social media sites and online behavior today, the President proposed a Student Digital Privacy Act. The legislation would better protect the personal information and privacy of children. For example, data collected about students in the classroom could only be used for educational purposes.

In the workplace, effective information security is a combination of best practices and legal imperatives. Use this DIY Information Security Checklist to assess your workplace. This comprehensive Business Guide to Document Security and Reputation Management provides best practices.