OMB: Prepare now for data breaches

The Office of Management and Budget memo

Related Links

Each agency should assemble a core management team to plan and oversee the response to any data breach that could result in identity theft, according to a Sept. 20 memo from the Office of Management and Budget.

That recommendation is from a recent report of the Identity Theft Task Force of which Attorney General Alberto Gonzales is chairman. OMB distributed the report and its memo to agency leaders.

The task force recommended that the management teams include high-ranking officials who bring the necessary expertise in areas such as technology, privacy, law and law enforcement, -- all of which come into play in the event of data loss.

But rather than waiting for a breach to occur, the team should plan now for what steps they might take. “An important first step is responding to a breach is for agencies to engage in advance planning,” according to the Identity Theft Task Force report.

The report nearly coincided with the latest report of a potential data breach. On Sept. 21, the Commerce Department announced it has lost 1,137 laptop computers since 2001, and 249 of them contained personally identifiable information. Earlier this year, the Department of Veterans Affairs said that it lost information on millions of veterans.

The report advises agencies to take a methodical approach to responding to such events. The first step is to determine the actual level of risk, because not all data losses pose the same threat of identity theft.

Not every breach needs to be announced, because not every data loss could lead to identity theft. When every breach is announced, people have trouble distinguishing between serious and minor threats, the report states.

The task force also said announcements of data breaches should be timely, and a responsible agency official should break the news. The news should be concise and in plain language. The people affected by the breach should get the actual notice and be told what to do.

Agencies also should ensure that sources of accurate information are available for those affected. Without it, they can become frustrated, the task force memo states.

Featured

  • Federal 100 Awards
    Federal 100 logo

    Fed 100 nominations are now open

    Help us identify this year's outstanding individuals in federal IT.

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.