Davis urges Waxman to advance data breach bill

Data held by feds, vendors at risk

Related Links

Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, wants to move forward a bill he introduced to limit the loss of sensitive personal information in light of new findings that the Veterans Affairs Department is missing 53 computers from several locations.

Davis requested today in a letter to committee Chairman Henry Waxman (D-Calif.) that he bring the Federal Agency Data Breach Protection Act before the full committee to vote on so it can move to the House for consideration.

One of the provisions of Davis’ bill would require that agencies ensure that equipment containing potentially sensitive information is accounted for and secure.

The Office of Management and Budget has provided agencies with guidance to protect data and report breaches but no details about notifying potential victims.

“Currently, no requirement exists that agencies notify citizens whose personal information may have been compromised,” Davis stated in his letter.

Earlier this week, the Government Accountability Office said it discovered that the computers were missing, along with other information technology equipment, as a result of its examination of VA inventory controls of IT at four locations nationwide.

The computers may contain personally identifiable information, but it is not known at this time, Robert Howard, VA chief information officer, said at a hearing about the GAO report.

Waxman and Davis worked together last year to collect information about data breaches from all major agencies and released the findings of a wide range of privacy and security incidents.

“In almost all these cases, Congress and the public would not have learned of each event had you and I had not requested the information,” Davis wrote.
The committee spokeswoman had not as yet returned calls about the chairman's plans for the bill.

Davis’ bill would direct the Office of Management and Budget to establish practices and standards for informing citizens of lost data and would provide a clear definition of the type of sensitive information to which the law would apply. It also would give agency chief information officers authority to ensure that workers comply with data security laws.

This bill is identical to one Davis introduced last year that was incorporated into the Veterans Identity and Credit Security Act, which passed the House in September 2006. It addresses concerns raised when a Veterans Affairs Department employee reported the theft of a laptop computer from his home that contained personal information on millions of veterans. VA leaders delayed acting on the report for almost two weeks, leaving those veterans at risk of identity theft and other crimes.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.