Report: Align disparate security regs before imposing more

As Congress considers legislation to impose more data security requirements, the lawmakers should first figure out how to align existing regulations, according to a report from the Congressional Research Service.

A patchwork of federal and state laws already requires organizations to safeguard sensitive and personally identifiable information and to notify persons affected by a breach of their personal data, said Gina Marie Stevens, legislative attorney in CRS’ American law division.

“An important issue to be addressed is harmonization of these various laws in order to provide uniform protections for personal information not dependent on the owner of the information or the category of information involved,” she said in the report dated July 31, but posted recently.

Federal agencies must adhere to provisions of information security in the Privacy Act, the Federal Information Security Management Act along with guidance from the Office of Management and Budget to prevent and respond to data breaches. The Veterans Affairs Information Security Act adds data security, privacy, notification and credit protection in particular for veterans and their dependents. The Health Insurance Portability and Accountability Act governs health data privacy and security.

Information security standards aim to protect personally identifiable information from unauthorized disclosure, access and acquisition. Data security breaches happen when fraudulent accounts are created, laptop or desktop computers are stolen or hacked, passwords are compromised, insiders or employees steal data, or discs or backup tapes are misplaced, the report notes.

Among the data security bills that Congress may consider when it returns to work Sept. 4 is the Federal Agency Data Breach Protection Act introduced by Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, and a Senate version introduced by Sen. Norm Coleman (R-Minn.), a member of the Senate Homeland Security and Governmental Affairs Committee.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.