President Barack Obama has outlined plans to require companies that suffer data breaches to alert affected customers within 30 days.
The proposed legislation is designed to end the patchwork of different state laws that firms currently have to comply with on letting Americans know when their information has been stolen or misused.
Obama revealed the plan during a speech on cyber security at the Federal Trade Commission ahead of his State of the Union address next week.
"In recent breaches, more than 100 million Americans have had their personal data compromised, like credit card information. When these cyber criminals start racking up charges on your card, it can destroy your credit rating. It can turn your life upside down. It may take you months to get your finances back in order. So this is a direct threat to the economic security of American families and we've got to stop it," said the president.
The current laws on notifying people about breaches are confusing for consumers and for companies, as well as expensive, said Obama, adding: "Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late."
The speech also promised to close unidentified legal loopholes that help cooks who steal and sell American identities evade justice, while Obama welcomed the growing movement among banks, credit card issuers and lenders to provide customers with free access to their credit scores.
Responding to the speech, Frank Keating, president, American Bankers Association, said: "Our industry shares the president’s commitment to protecting the security and privacy of Americans’ personal information, and we appreciate the White House’s engagement on this critical issue. Banks are fully committed to protecting consumer data, notifying them in the event of a breach and making our customers whole -- regardless of where a breach occurs."