The 30-day notice in Obama’s hacking law isn’t enough: Michael Sobol

President Barack Obama wants Congress to pass a new law that would require companies to inform customers within 30 days when their personal information — such as Social Security numbers — is exposed.

Forty-seven states have their own data breach notification laws, which vary widely. Pennsylvania requires companies notify customers “without unreasonable delay” but the government isn’t notified.

How does one define “unreasonable delay”? Additionally, only information in electronic format is covered. Writing your Social Security number on paper forms that aren’t shredded could result in your being exposed, and you wouldn’t be notified.

A November 2014 Pew Poll noted that 91 percent of Americans feel they’ve lost control of their personal information.

Once you share your information, will company employees be as diligent with guarding your information as you?

According to Experian’s Data Breach Resolution group, 80 percent of data breaches are rooted in employee negligence/error. Why don’t companies implement better security?

From the data breaches last year at Target, JP Morgan, eBay, Home Depot, Sony, and Staples, more than 400 million people were exposed. Our country’s population is 320 million.

Potentially every person in the country suffered from insufficient security practices of companies with whom we do business.

Not too many years ago, a local medical institution’s flood cleanup service removed the main computer instead of destroying the machine on-site. Patients’ medical and financial information was on the computer.

Patients were told after the fact to execute a fraud alert on their credit. Fraud alerts last for 90 days and require creditors to contact us by phone before extending a new line of credit. What happens after the 90 days expire?

Some hacked businesses appease us by offering “free” credit monitoring for a limited time. That’s a nice gesture, but what happens when the credit monitoring expires? Will criminals wait to employ our personal data until the expiration?

We are “required” to give personal information when receiving medical care, banking services, purchases, and interacting with government.

Since history reveals their inability to protect our information, shouldn’t they fund credit monitoring and protection services for their consumers including Fraud Alerts and Security Freezes?

A Fraud Alert is a yellow flag attached to one’s credit file informing lenders they should take special precautions to ensure our identity before extending credit. We can provide a phone number enabling lenders to verify that you, and not a fraudster, are applying for credit.

Fraud Alerts are free but you must remember to renew them every 90 days. Purchasing a credit monitoring service can provide automatic renewals.

A Security/Credit Freeze prevents lenders from viewing your credit file, meaning your credit can’t be extended to anyone.

If you wish to increase your credit or open a new card, you’ll need to take special actions and then reapply the freeze. There is a $10 application fee and $10 fee for each future change. You must send an application to all three credit bureaus.

The proposed 30-day notice in Obama’s law really does little to protect us, but gives hackers a 30-day grace period to do financial damage to unsuspecting people.

We need a law that really protects us from data negligence by offering real-time “nationwide credit-monitoring” giving every person “free” fraud alerts that automatically renew. Credit Freezes should be included for people who desire that level of protection.

The cost of providing these services could be borne by every business or agency requiring us to share personal data. Spreading the cost out over all these companies would make the financial impact on them negligible.

Since data breaches cost the American public and businesses billions of dollars every year, this investment in nationwide credit monitoring would save consumers and businesses money!