The Obameter

Mandate standards for securing personal data

"The federal government must partner with industry and our citizens to secure personal data stored on government and private systems. An Obama administration will institute a common standard for securing such data across industries."


No firm action, but issue remains a priority

Three years into his term, President Barack Obama unveiled a Consumer Privacy Bill of Rights, a set of principles aimed at guiding both consumers and companies that handle private information.

The bill of rights specifies that "consumers have a right to secure and responsible handling of personal data.”

When the White House introduced the document in February 2012, it said that the U.S. Commerce Department would bring together companies, privacy and consumer advocates, technical experts and academics to establish specific practices or codes of conduct. The goal is for those codes to become legislation, but that hasn't happened yet.

Other aspects of the cybersecurity debate -- such as how to protect power grids and computer networks from sabotage -- have gotten stuck in Congress. In July, a Senate cybersecurity bill fell eight votes shy of the 60 votes needed to move past a Republican filibuster, and subsequent attempts to bring it back for consideration also failed.

But already, personal data protection and cybersecurity are shaping up as priorities in the next Congress.

Congressional Quarterly Today reported in September that Rep. Zoe Lofgren, D-Calif., introduced two bills that address consumer privacy and Internet governance issues. One of the measures lays out proposals "to update electronic privacy law that predates the Internet so that consumer emails and electronic data are protected from unwarranted government surveillance.”

CQ said that Lofgren acknowledged the bills were unlikely to pass this year and she plans to reintroduce them in the 113th Congress.

Lacking action by the current Congress, however, Obama has reportedly drafted an executive order governing an array of cybersecurity issues. The move has drawn criticism from some Republicans, but it's a sign that tackling Internet privacy and protecting the nation's computer networks remain a high priority. We'll watch for more solid progress on this front and leave the needle at In the Works.


Forbes, "President Obama's Consumer Privacy Bill of Rights,” Feb. 23, 2012, "We Can't Wait: Obama Administration Unveils Blueprint for a 'Privacy Bill of Rights' to Protect Consumers Online,” May 12, 2011

CQ Today, "Tech Priorities for Next Congress Begin to Appear,” Sept. 26, 2012

Bloomberg News, " Limits Seen in White House Cybersecurity Executive Order,” Sept. 28, 2012

Email interview with Mark Jaycox, policy analyst with the Electronic Frontier Foundation, Nov. 16, 2010

Associated Press, "Draft order seeks to improve US digital defenses,” Sept. 10, 2012

THOMAS, Cybersecurity Act of 2012, introduced July 19, 2012

Email interview with Eric Schultz, White House spokesman, Nov. 14, 2012

Bills introduced in Congress would mandate standards for personal data

On April 30, 2009, Rep. Bobby Rush, D-Ill., chairman of the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, introduced H.R. 2221, the Data Accountability and Trust Act of 2009. One of the main purposes of the bill is to require "reasonable security policies and procedures to protect data containing personal information."

The bill was co-sponsored by legislators on both sides of the aisle: Rep. Joe Barton, R-Texas, ranking member of the House Committee on Energy and Commerce; Rep. Cliff Stearns, R-Fla., the Republican leader on the Communications, Technology and the Internet Subcommittee; Rep. George Radanovich, R-Calif.; and Rep. Janice Schakowski, D-Ill.

In a statement before his subcommittee, Rep. Rush said the bill "requires that persons possessing electronic data that contain personal information must take steps to ensure that the data is secure."

According to a Congressional Research Service summary of the bill, the act would require the Federal Trade Commission to institute regulations requiring people engaged in interstate commerce that own or possess electronic data containing personal information to establish security policies and procedures. It authorizes the FTC to require standard methods for destroying obsolete nonelectronic data. It also would require keepers of personal information records to establish procedures to verify the accuracy of information; provide people whose personal information it maintains a means to review it; place notice on the Internet instructing individuals how to request access to such information; and correct inaccurate information.

On Dec. 8, 2009, the bill passed in the House with a voice vote. The next day, it was referred to the Senate Committee on Commerce, Science, and Transportation.

In addition, the Department of Homeland Security is working with Congress to pass S. 1261, a bill that seeks to better protect the security, confidentiality, and integrity of personal information collected by states issuing drivers' licenses and other identification documents. The bill was introduced by Sen. Daniel Akaka, D-Hawaii, on June 15, 2009, and currently is before the Committee on Homeland Security and Governmental Affairs.

We move this promise to In the Works.


Library of Congress, H.R. 2221, the Data Accountability and Trust Act of 2009

Web site of Rep. Bobby Rush, Statement by Rep. Rush, Chairman Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, at the Hearing on H.R. 2221, May 5, 2009

Library of Congress, S.1261 REAL ID Act