Report: Align disparate security regs before imposing more

As Congress considers legislation to impose more data security requirements, the lawmakers should first figure out how to align existing regulations, according to a report from the Congressional Research Service.

A patchwork of federal and state laws already requires organizations to safeguard sensitive and personally identifiable information and to notify persons affected by a breach of their personal data, said Gina Marie Stevens, legislative attorney in CRS’ American law division.

“An important issue to be addressed is harmonization of these various laws in order to provide uniform protections for personal information not dependent on the owner of the information or the category of information involved,” she said in the report dated July 31, but posted recently.

Federal agencies must adhere to provisions of information security in the Privacy Act, the Federal Information Security Management Act along with guidance from the Office of Management and Budget to prevent and respond to data breaches. The Veterans Affairs Information Security Act adds data security, privacy, notification and credit protection in particular for veterans and their dependents. The Health Insurance Portability and Accountability Act governs health data privacy and security.

Information security standards aim to protect personally identifiable information from unauthorized disclosure, access and acquisition. Data security breaches happen when fraudulent accounts are created, laptop or desktop computers are stolen or hacked, passwords are compromised, insiders or employees steal data, or discs or backup tapes are misplaced, the report notes.

Among the data security bills that Congress may consider when it returns to work Sept. 4 is the Federal Agency Data Breach Protection Act introduced by Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, and a Senate version introduced by Sen. Norm Coleman (R-Minn.), a member of the Senate Homeland Security and Governmental Affairs Committee.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.