President Obama proposed new legislation that would standardize rules for companies reporting credit card compromise to their customers. The "Personal Data Notification and Protection Act” (if enacted by Congress) would require that companies inform their customers within 30 days after discovering an attack.
In the US, statutes related to reporting cybercrime are typically defined at the state level, meaning that the country has a confusing muddle of different laws with different requirements and protections. The situation is especially confusing for a consumer doing business with a company in another state. The law proposed by the president would provide uniform requirements for consumer protection.
Some consumer advocates have pointed out that, although the law would raise the notification requirements for several states, for other states, the federal law will be less strict than laws already in place. The intent of the law is apparently to set a minimum that would then allow states to set stricter requirements, but some advocates are waiting for the details before voicing support for the initiative.
President Obama also proposed the Student Data Privacy Act, which would restrict the ability of technology companies to profit from data mining students using Internet-connected devices in educational settings.