Banking Exchange Magazine Logo

Obama sets cyber security agenda

Includes “Consumer Privacy Bill of Rights”

Obama sets cyber security agenda

President Obama described several legislative proposals intended to improve cyber security during a speech Monday at the Federal Trade Commission.

The announcements precede what he said would be part of his upcoming State of the Union address. The speech is part of series of “spoilers” the President has been unveiling in advance of the traditional speech to Congress and the nation.

“I’m laying out some new proposals on how we can keep seizing the possibilities of an Information Age while protecting the security and prosperity and values that we all cherish,” Obama said.

In this speech Obama listed four specific steps aimed at protecting identities and privacy. He also hinted that in an ensuing speech, to be given at the Department of Homeland Security, he’d propose additional measures that would “focus on how we can work with the private sector to better defend ourselves against cyber attacks.”

President’s 4 steps

The four measures Obama described at the FTC were:

1. New legislation to create a single, strong national standard so Americans know when their information has been stolen or misused.

Companies would have to notify consumers of a breach within 30 days. “Loopholes” would be closed to allow the government to go after criminals who act overseas.

“Right now, almost every state has a different law on this, and it’s confusing for consumers and it’s confusing for companies—and it’s costly, too, to have to comply to this patchwork of laws,” Obama said. “Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late.”

2. New legislation to establish a “Consumer Privacy Bill of Rights.”

Elements of this legislation would include: the right to decide what personal data companies collect from consumers and how companies use that data; the right to know that personal information collected for one purpose can’t then be misused by a company for a different purpose; and the right to have information stored securely by companies  and they be accountable for its use.

The President said this legislation would be introduced towards the end of February.

3. New legislation called the “Student Digital Privacy Act.”

The purpose of this would be to ensure that data collected on students in the classroom should only be used for educational purposes.

Associated with this, the Department of Education will pursue a separate avenue to “offer new tools to help schools and teachers work with tech companies to protect the privacy of students.” Already, 75 companies have signed a “Student Privacy Pledge” in which they commit not to sell student information. Teachers and schools would be notified of other companies that do not sign.

4. The administration will encourage more banks, credit card issuers, and lenders to provide their customers with free access to their credit scores.

“The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” Obama said. “Meanwhile, the more companies strengthen their cyber security, the harder it is for hackers to steal consumer information and hurt American families.”

Among the companies mentioned that are taking part were four banks: JPMorgan Chase, Bank of America, USAA, and Ally Financial.

The President issued an executive order regarding cyber security last October. [Read “White House mandates cyber security via ‘BuySecure’” ] DanLINK

Industry reaction to speech

ABA President and CEO Frank Keating, responding to Obama’s FTC speech, said in a statement: “Banks invest hundreds of millions of dollars every year to put in place multiple layers of security to protect sensitive data. Protecting customers has always been and will remain our top priority. We look forward to working with the White House, members of Congress on both sides of the aisle, regulators, and the private sector to find common ground and better protect consumers and our critical infrastructures from cyber threats, data breaches, and fraud.”

Keating added that banks “are fully committed to protecting consumer data, notifying them in the event of a breach, and making our customers whole—regardless of where a breach occurs.”

The ABA leaders also said his association fully supported legislation that will facilitate increased cyber intelligence information sharing between the private and public sectors in a manner that protects consumer privacy and allows information sharing on serious threats to our critical infrastructures.”

Bankers involved in the BSA/AML area have complained in the past that federal talk of information sharing has tended to be a bit short on delivery.

In its statement the Financial Services Roundtable’s CEO, Tim Pawlenty, said, “while we applaud the push for a national data breach notification law, we urge the President to also support a data security standard so retail consumers are better protected.”

The Roundtable supports adoption of a national data breach notification law that would create a federal, uniform standard of notification to customers following a breach.

“While this is an important step to protect consumers, the financial industry is held to strict data security standards to ensure customers’ personal financial information is protected,” the Roundtable stated. “As such, any federal data breach notification law, like that called for by the President today, must ensure that all industries are held to equally-high data security standards to best protect consumers.”

Remarks by the President at the Federal Trade Commission

Fact Sheet: Safeguarding American Consumers & Families

White House blog and video on privacy

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo