Way back during the 2008 campaign, Barack Obama made a broad promise to strengthen privacy protections online and to hold both government and business accountable for violations.

The most concrete success on that front came in the final days of his presidency. On Oct. 27, the Federal Communications Commission adopted new rules that govern broadband internet service providers. These companies, such as Verizon and Comcast, sell high-speed connections to the web.

The new rules give customers more control over how their personal information is used and shared.

"It one of the biggest changes we've seen in years," said Jay Stanley, a senior analyst with the American Civil Liberties Union's program on speech, privacy and technology.

The rules put personal information into two boxes -- sensitive and non-sensitive. The first category includes Social Security numbers, web browsing history and precise physical location. Companies must get a positive opt-in from customers to use and share that data.

Non-sensitive information includes your email address and the level of service you're buying. Providers can share that information, but customers have the power to opt-out to block them.

Stanley said internet service providers had just begun to look at the marketing value of the information they had on their customers. The FCC rules put controls in place before they started to run with the idea.

The Obama administration was not particularly engaged in the rulemaking process, but it can take some credit for the outcome. The three Democratic-affiliated members of the FCC voted in favor of the rules. The two Republican affiliated members voted against.

Companies that violate the rule will face fines and penalties.

In 2012, the administration published the Consumer Privacy Bill of Rights. The measure says consumers have a right to expect that organizations will use their data for the same purpose they provided it, that their data will be handled responsibly and with limits, and that they can access it easily.

In May 2011, the White House unveiled a cybersecurity legislative proposal, which included proposals for protecting the nation's power grids and computer networks but also individuals' personal data. Ed Mierzwinski, consumer program director for the U.S. Public Interest Research Group, called it a "comprehensive and generally widely-praised" platform.

The law that emerged, the Cybersecurity Information Sharing Act of 2015, imposes limits on the use of information by federal and state governments as they ward off hackers and viruses, but some privacy advocates are wary. They worry that the limits might not be as tight as promised.

Obama said he would strengthen privacy protections and hold government and business accountable if they didn't respect those limits. The new rules on broadband internet service providers are the clearest move in that direction and while privacy advocates might have wanted more, they approve of the gains. We rate this as a Promise Kept.

In the 2008 campaign, President Barack Obama made a sweeping promise to safeguard the right to privacy, as well as more specific pledges such as mandating standards for companies to secure customers" personal data. Privacy in the digital age remains an open issue, likely to get attention this year from both the White House and the new Congress.

In May 2011, the White House unveiled its cybersecurity legislative proposal, which included proposals for protecting the nation's power grids and computer networks but also individuals' personal data. Ed Mierzwinski, consumer program director for the U.S. Public Interest Research Group, called it a "comprehensive and generally widely-praised” platform.

Obama also proposed a Consumer Privacy Bill of Rights, aimed at guiding both consumers and companies that handle private information.
   
The bill of rights says consumers have a right to expect that organizations will use their data for the same purpose they provided it, that their data will be handled responsibly and with limits, and that they can access is easily.
   
When the White House introduced the document in February 2012, it said that the U.S. Commerce Department would bring together companies, privacy and consumer advocates, technical experts and academics to establish specific practices or codes of conduct. The goal is for those codes to become legislation, but that hasn't happened yet.

"Special interests want to defeat any privacy law that might impact their wild-west use of personal information on the Internet and they also want dilute the impact of stronger pro-privacy efforts in Europe,” Mierzwinski said.
   
But personal data protection and cybersecurity are shaping up as priorities in the next Congress.
   
Congressional Quarterly Today reported in September that Rep. Zoe Lofgren, D-Calif., introduced two bills that address consumer privacy and Internet governance issues. One of the measures laid out proposals "to update electronic privacy law that predates the Internet so that consumer emails and electronic data are protected from unwarranted government surveillance.”
   
Neither bill passed, but CQ reported that Lofgren planned to reintroduce them in the 113th Congress.

The New York Times reported in January 2013 that tech companies are bracing for another fight -- and stepping up lobbying efforts -- after successfully fighting back new privacy laws in the previous Congress.
   
Obama also has reportedly drafted an executive order governing an array of cybersecurity issues. The move has drawn criticism from some Republicans, but it's a sign that tackling Internet privacy remains on the radar. We'll keep tabs on how this issue advances and keep our rating at In the Works.

On the campaign trail, President Barack Obama promised to do a better job of protecting citizens from identity theft and other dangers of the digital age.
 
"The open information platforms of the 21st century can also tempt institutions to violate the privacy of citizens," he wrote on his campaign Web site. "[I] will strengthen privacy protections for the digital age and will harness the power of technology to hold government and business accountable for violations of personal privacy."
 
Obama first ordered a review of cyberspace policies, an effort that culminated May 30 with the reslease of the Cyberspace Policy Review. Recommendations from the report involve everything from appointing a cybersecurity policy official to launching a public awareness campaign. (October, for example, was designated National Cybersecurity Awareness Month.)
 
On Dec. 22, Obama appointed Howard Schmidt take on the new role.
 
So, clearly, Obama is taking cybersecurity seriously. But it's a big promise and will take some time to complete. For now, we'll move this one to In the Works.