Lawmakers act on data security bills

Security bill that hardens FISMA passes

Related Links

Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, introduced a bill today that would require agencies to better protect the sensitive data they collect and promptly notify those whose data is lost or stolen.

The Federal Agency Data Breach Protection Act directs the Office of Management and Budget to establish practices and standards for informing citizens of lost data and provides a clear definition of the type of sensitive information to which the law would apply.

In addition, it gives agency chief information officers authority to ensure that workers comply with data security laws.

“Secure information is the lifeblood of effective government policy and management, yet federal agencies continue to hemorrhage vital data,” Davis said. "It is our duty to ask what is being done to protect the sensitive information of millions of Americans and how we can limit the damage when personal data is lost or stolen."

This bill is identical to one Davis introduced last year that was incorporated into the Veterans Identity and Credit Security Act, which passed the House in September 2006. It addresses concerns raised when a Veterans Affairs Department employee reported the theft from his home of a laptop computer that contained personal information on millions of veterans. VA leaders delayed acting on the report for almost two weeks, leaving those veterans at risk of identity theft and other crimes.

In Davis’ most recent annual report card last month on how well agencies protect sensitive information and adhere to the Federal Information Security Management Act of 2002, the government overall garnered a C-, but several agencies, including the Homeland Security Department, received F's.

Davis’ bill would amend FISMA to:
• Clarify the authority an agency head could delegate to the CIO.
• Require agencies to establish data breach notification procedures in line with OMB policies, procedures and standards.
• Authorize agencies to establish polices and procedures for accounting for all federal personal property assigned to departing employees.
• Define sensitive personal information.

Also today, the Senate Judiciary Committee approved two data security bills. The Notification of Risk to Personal Data Act, which Sen. Dianne Feinstein (D-Calif.) introduced, would protect individuals from identity theft by requiring agencies and businesses to notify consumers in the event of a security breach that exposes their personal data. The committee approved another, more comprehensive data privacy bill, the Personal Data Privacy and Security Act of 2007 sponsored by Committee Chairman Sen. Patrick Leahy (D-Vt.) and Sen. Arlen Specter (R-Pa.), ranking Republican, with notification provisions identical to those in Feinstein’s legislation.

Last year, Feinstein’s data breach notification measure was included as part of a comprehensive data privacy bill that passed the Judiciary Committee but did not get Senate floor action.

Featured

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/Shutterstock.com)

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.