On Monday, President Obama proposed a new federal law requiring businesses to notify customers, within 30 days of a security breach being discovered, that their personal information has been compromised.
The law, known as the Personal Data Notification & Protection Act, would serve as a replacement for the many different state-level consumer protection laws currently at work in the United States.
"Right now, almost every state has a different law on this and it's confusing for consumers and it's confusing for companies and it's costly to have to comply with this patchwork of laws," said President Obama in a speech to the Federal Trade Commission. "Sometimes folks don't even find out their credit card information has been stolen until they see charges on their bill and then it's too late."
According to The Wall Street Journal, companies are generally in favor of the new law because it will make adhering to regulations simpler. However, they are also questioning whether 30 days is a reasonable timeframe in which to report a data breach. One security official told the Journal that in some situations it could take a company months to determine the extent of a breach and what information was compromised.
The President is expected to elaborate on his plan for the new law during his State of the Union address later this month.
Take this opportunity to upgrade your company's credit card payment processor and make sure you're using a secure system to protect your customers' private information. It's much less costly to strengthen your security as a precautionary measure than it is to clean up the mess that a data breach inevitably creates.