OMB: Prepare now for data breaches

The Office of Management and Budget memo

Related Links

Each agency should assemble a core management team to plan and oversee the response to any data breach that could result in identity theft, according to a Sept. 20 memo from the Office of Management and Budget.

That recommendation is from a recent report of the Identity Theft Task Force of which Attorney General Alberto Gonzales is chairman. OMB distributed the report and its memo to agency leaders.

The task force recommended that the management teams include high-ranking officials who bring the necessary expertise in areas such as technology, privacy, law and law enforcement, -- all of which come into play in the event of data loss.

But rather than waiting for a breach to occur, the team should plan now for what steps they might take. “An important first step is responding to a breach is for agencies to engage in advance planning,” according to the Identity Theft Task Force report.

The report nearly coincided with the latest report of a potential data breach. On Sept. 21, the Commerce Department announced it has lost 1,137 laptop computers since 2001, and 249 of them contained personally identifiable information. Earlier this year, the Department of Veterans Affairs said that it lost information on millions of veterans.

The report advises agencies to take a methodical approach to responding to such events. The first step is to determine the actual level of risk, because not all data losses pose the same threat of identity theft.

Not every breach needs to be announced, because not every data loss could lead to identity theft. When every breach is announced, people have trouble distinguishing between serious and minor threats, the report states.

The task force also said announcements of data breaches should be timely, and a responsible agency official should break the news. The news should be concise and in plain language. The people affected by the breach should get the actual notice and be told what to do.

Agencies also should ensure that sources of accurate information are available for those affected. Without it, they can become frustrated, the task force memo states.

Featured

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/Shutterstock.com)

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.