Davis urges Waxman to advance data breach bill

Data held by feds, vendors at risk

Related Links

Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, wants to move forward a bill he introduced to limit the loss of sensitive personal information in light of new findings that the Veterans Affairs Department is missing 53 computers from several locations.

Davis requested today in a letter to committee Chairman Henry Waxman (D-Calif.) that he bring the Federal Agency Data Breach Protection Act before the full committee to vote on so it can move to the House for consideration.

One of the provisions of Davis’ bill would require that agencies ensure that equipment containing potentially sensitive information is accounted for and secure.

The Office of Management and Budget has provided agencies with guidance to protect data and report breaches but no details about notifying potential victims.

“Currently, no requirement exists that agencies notify citizens whose personal information may have been compromised,” Davis stated in his letter.

Earlier this week, the Government Accountability Office said it discovered that the computers were missing, along with other information technology equipment, as a result of its examination of VA inventory controls of IT at four locations nationwide.

The computers may contain personally identifiable information, but it is not known at this time, Robert Howard, VA chief information officer, said at a hearing about the GAO report.

Waxman and Davis worked together last year to collect information about data breaches from all major agencies and released the findings of a wide range of privacy and security incidents.

“In almost all these cases, Congress and the public would not have learned of each event had you and I had not requested the information,” Davis wrote.
The committee spokeswoman had not as yet returned calls about the chairman's plans for the bill.

Davis’ bill would direct the Office of Management and Budget to establish practices and standards for informing citizens of lost data and would provide a clear definition of the type of sensitive information to which the law would apply. It also would give agency chief information officers authority to ensure that workers comply with data security laws.

This bill is identical to one Davis introduced last year that was incorporated into the Veterans Identity and Credit Security Act, which passed the House in September 2006. It addresses concerns raised when a Veterans Affairs Department employee reported the theft of a laptop computer from his home that contained personal information on millions of veterans. VA leaders delayed acting on the report for almost two weeks, leaving those veterans at risk of identity theft and other crimes.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.