Obama's record is mixed on personal data security

President Barack Obama promised during his 2008 campaign to mandate standards for securing personal data and to require companies to disclose data breaches.

They're both consumer-friendly goals that get talked about a lot. But passing them into law? That's another story.

PolitiFact, the Times' national politics fact-checking website, has compiled more than 500 of Obama's campaign promises and is tracking their progress on our Obameter.

The Obama administration unveiled an expansive cybersecurity proposal last year that said business entities holding records on more than 10,000 individuals during any 12-month period would be required to alert people in the event of a data breach, "unless there is no reasonable risk of harm or fraud to such individual."

The White House said a federal disclosure law would help businesses "by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements."

"The president put a lot of effort into developing a comprehensive and generally widely praised privacy-protection platform," said Ed Mierzwinski, consumer program director for the U.S. Public Interest Research Group. "We want it stronger; industry wants it weaker, but it is pretty substantive."

Obama's platform remains in the proposal stage. Other aspects of the cybersecurity debate have kept Republicans and Democrats from passing legislation.

The 2009 Data Accountability and Trust Act would have required "reasonable security policies" to protect personal information. It passed the U.S. House of Representatives but died in the Senate. Similar bills met the same fate.

"The privacy issue is tied up on the Hill for a variety of reasons — partly because privacy and consumer groups do not want it to pre-empt stronger state laws, but industry special interests do; because those industry groups also want it to be watered down as well as ensure that it pre-empts all stronger state laws," Mierzwinski said. "Those special interests want to defeat any privacy law that might impact their wild west use of personal information on the Internet."

The fight in Congress has dragged on so long that the Obama administration is now reportedly considering an executive order on cybersecurity, although it's not clear such an order would include a data breach disclosure requirement.

What's more, executive orders generally are not as strong as legislation.

The executive order "only initiates agencies to start policies and practices. Most likely it won't require public disclosure. It may not even mandate private disclosure to the government," said Mark Jaycox, policy analyst with the Electronic Frontier Foundation, a think tank dedicated to free speech, privacy and consumer rights issues.

Because there's no new requirement on the books for companies to disclose data breaches, we rate this a Promise Broken.

But an executive order could be effective for setting standards for securing personal data, at least for companies that interact with the federal government. So we leave this promise rated In the Works.

Require companies to disclose personal information data breaches

"California and other states have laws requiring a company that may have disclosed a resident's personal information without authorization to inform the victim of the disclosure. Barack Obama … will push for comparable federal legislation."

Mandate standards for securing personal data

"The federal government must partner with industry and our citizens to secure personal data stored on government and private systems. An Obama administration will institute a common standard for securing such data across industries."

About the Obameter

PolitiFact has compiled more than 500 promises that Barack Obama made during the 2008 campaign and is tracking their progress on our Obameter.

We rate their status as Not Yet Rated, In the Works or Stalled. Once we find action is completed, we rate them Promise Kept, Compromise or Promise Broken.

The Obameter Scorecard

RatingTotalPercent
Promise Kept20841
Compromise 101 20
Promise

Broken
10821
Stalled 19 4
In the Works 72 42

Obama's record is mixed on personal data security 12/01/12 [Last modified: Saturday, December 1, 2012 3:31am]

© 2014 Tampa Bay Times

    

Join the discussion: Click to view comments, add yours

Loading...