Mr Obama called for legislation that will require firms to inform customers of data breaches within 30 days as well as protect students' information.
He said identify theft and other cyber attacks were a "direct threat to the economic security" of Americans.
But shortly after his speech, the Twitter account for the US military's Central Command was hacked.
The attack appears to not have exposed any non-public information but is described as embarrassing for the Pentagon.
Mr Obama's proposals come after a year in which many large US retailers, including Target, Home Depot, Staples and Sears, were hit by cyber-thieves keen to scoop up payment-card data.
In a speech previewing his annual State of the Union speech, Mr Obama urged Congress to pass a nationwide law to require firm to inform customers within 30 days if their data has been hacked and make it a crime to sell customers' identities overseas.Retailer Target was just one of several US stores to suffer large-scale data breaches
Currently, different states have different disclosure regimes, many of which are more than 10 years old.
"As we've all been reminded over the past year, including the hack of Sony, this extraordinary interconnection creates enormous opportunities, but also creates enormous vulnerabilities for us as a nation and for our economy, and for individual families," Mr Obama said.
"This is a direct threat to the economic security of American families and we need to stop it... If we are going to be connected, we need to be protected."
He also asked Congress to pass in legislation form a "Consumer Privacy Bill of Rights" created by the White House in 2012, designed to further allow consumers to determine how their information is used by firms online.
Mr Obama also proposed more access to consumer credit reporting and a law that would prohibit educational software firms from selling student data to third parties.