House passes data breach bill

A bill that would require all federal agencies to strengthen their protection of sensitive information has passed the House and now moves on to the Senate.

The language is part of a larger bill, the Veterans Identity and Credit Security Act of 2006. Rep. Tom Davis (R-Va.), who introduced the measure applying to all agencies, said he will try to move the language separately if the Senate does not act on the bill.

Davis' legislation would amend the Federal Information Security Management Act, which Davis introduced and championed in 2002. The change directs the Office of Management and Budget to establish procedures for agencies to follow if personal information entrusted to an agency is lost or stolen. It also requires agencies to notify people whose personal information is jeopardized by a security breach and gives chief information officers the power to ensure that agency employees comply with information security laws.

The bill comes after a series of revelations about lost, stolen or exposed data from several agencies.

In a speech Davis delivered on the House floor Sept. 26, he noted that Congress has been working on security requirements for the private sector. "But federal agencies present unique requirements and challenges, and these incidents demonstrate that we need to strengthen the laws and rules protecting personal information held by federal agencies."

The Department of Veterans Affairs had the first widely publicized incident, when thieves stole a laptop computer and external hard drive from the home of an employee who had taken home the items, which contained personal data on more than 26 million veterans. Police later recovered the laptop computer, and the data appeared to have not been touched.

In light of the risk, Davis had his staff investigate the measures agencies take to protect such data. "The results are in, and they are troubling," he said in his floor statement. "We've learned that there have been a wide range of incidents involving data loss or theft, privacy breaches, and security incidents. In almost all of these cases, Congress and the public would not have learned each event unless we had requested the information. This history of withholding incidents has to stop."


  • Defense
    DOD photo by Senior Airman Perry Aston  11th Wing Public Affairs

    How DOD's executive exodus could affect tech modernization

    Back-to-back resignations raise concerns about how things will be run without permanent leadership in key areas from policy to tech development.

  • Budget
    cybersecurity (vs148/

    House's DHS funding bill would create public-private cyber center

    The legislation would give $2.25 billion to DHS' cyber wing and set up an integrated cybersecurity center with other agencies, state and local governments and private industry.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.