On October 17, President Barack Obama signed an Executive Order addressing the growing concerns over data security in the United States. One of the most notable aspects of the Order is its requirement that all federally-issued credit and debit cards include chip-and-PIN technology. The chip-and-PIN technology enhances the security of the more traditional magnetic strip cards by replacing the magnetic strip with a computer chip that uses cryptography to protect data contained within the card. While the Order only applies to those cards issued by the federal government, several private sector companies, including Target, Wal-Mart, and Home Depot, have agreed to implement chip-and PIN technology starting in 2015.
The Order also addresses the need for improved resources for identity theft victims following a data breach. It orders federal agencies with publicly available resources for victims of identity theft to share such information with the FTC, so that the FTC can continue to develop and streamline these resources at its website for identity theft victims, IdentityTheft.gov.
In conjunction with signing the Order, Obama called on Congress to pass data breach legislation, writing in a statement that “[t]he current patchwork of laws governing a company’s obligations in the event of a data breach is unsustainable, and helps no one.” While members of the Senate have proposed several cybersecurity and data breach bills, Congress has yet to enact any of these bills into law.