WASHINGTON—The Obama administration proposed cyber security legislation on Thursday to improve protection for individuals as well as the federal government's networks and computers.

Elements of the administration's proposal include:

•National data breach reporting. The administration said its proposal would help businesses “by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements.”

•Penalties for computer criminals. The administration said laws imposing penalties for computer crime penalties are not fully synchronized with other types of crime. Its cyber security plan “clarifies the penalties for computer crimes, synchronizes them with other crimes, and sets mandatory minimums for cyber intrusions into critical infrastructure,” the administration said in a statement.

•Voluntary government assistance. The administration proposal would enable the Department of Homeland Security to provide quick assistance to the industry as well as state and local governments when they seek it and “clarifies the type of assistance it can provide.”

•Voluntary information-sharing. The Obama administration said the proposed legislation clarifies that the industry, states and local governments can share information about cyber threats or incidents with the DHS, and would give them immunity for doing so.

•Critical infrastructure plans. The administration said its proposal “emphasizes transparency to help market forces ensure that critical infrastructure operators are accountable for their cyber security.”

Core operators

“The administration proposal requires DHS to work with industry to identify the core critical infrastructure operators and to prioritize the most important cyber threats and vulnerabilities for those operators,” the administration said in the statement.

“Critical infrastructure operators would develop their own frameworks for addressing cyber threats. Then, each critical infrastructure operator would have a third-party commercial audit assess its cyber security risk mitigation plans. Operators who already are required to report to the Securities and Exchange Commission also would have to certify that their plans are sufficient,” according to the statement.

Discussing the issue of ensuring an individual's privacy and civil liberties, the administration said private-sector, state and local government immunity “is conditioned on its compliance with the requirements of the proposal.”

Possible issues

The proposal comes after Sony Corp.'s recent data breaches, in which hackers accessed more than 100 million consumer accounts this month. In a Tuesday blog to its PlayStation Network Users, Sony said it will “likely be at least a few more days” before service is restored.

Discussing the administration proposal, Joseph Lazzarotti, a partner with law firm Jackson Lewis L.L.P. in White Plains, N.Y., said, “It looks like this is in response to the Sony breaches” and possibly other recent breaches.

From the business perspective, he said, it is interesting that there is going to be an attempt by the president to at least “push a national standard. They're trying to streamline the process,” recognizing that having 47 state standards complicates the process, Mr. Lazzarotti said.

“The idea of a national standard is a good one,” he said. However, legislation has been held up in this area over the issues of pre-empting state law.

Furthermore “there appears to be some turf battle” over the question of which federal agency and which Congressional committee would have jurisdiction, Mr. Lazzarotti said.

Another issue, said Mr. Lazzarotti, is defining what voluntary government assistance means. “Will companies want to have the government involved with that? Is it just the government creating guidelines,” he said, or some sort of task forcee, that will provide resources businesses can tap into?

Another bill introduced

Separately, Sen. Jay Rockefeller, D-W.Va., chairman of the Senate Committee on Commerce and Transportation, introduced the Do-Not-Track Online Act of 2011 on Monday.

The legislation, S.B. 93, is similar to a bill introduced by Rep. Jackie Speier, D-Calif., in February and would give consumers the ability to opt out of having their online activities tracked by Internet companies.

“Recent reports of privacy invasion have made it imperative that we do more to put consumers in the driver's seat when it comes to their personal information,” Sen. Rockefeller said in a statement.