Report: Align disparate security regs before imposing more

As Congress considers legislation to impose more data security requirements, the lawmakers should first figure out how to align existing regulations, according to a report from the Congressional Research Service.

A patchwork of federal and state laws already requires organizations to safeguard sensitive and personally identifiable information and to notify persons affected by a breach of their personal data, said Gina Marie Stevens, legislative attorney in CRS’ American law division.

“An important issue to be addressed is harmonization of these various laws in order to provide uniform protections for personal information not dependent on the owner of the information or the category of information involved,” she said in the report dated July 31, but posted recently.

Federal agencies must adhere to provisions of information security in the Privacy Act, the Federal Information Security Management Act along with guidance from the Office of Management and Budget to prevent and respond to data breaches. The Veterans Affairs Information Security Act adds data security, privacy, notification and credit protection in particular for veterans and their dependents. The Health Insurance Portability and Accountability Act governs health data privacy and security.

Information security standards aim to protect personally identifiable information from unauthorized disclosure, access and acquisition. Data security breaches happen when fraudulent accounts are created, laptop or desktop computers are stolen or hacked, passwords are compromised, insiders or employees steal data, or discs or backup tapes are misplaced, the report notes.

Among the data security bills that Congress may consider when it returns to work Sept. 4 is the Federal Agency Data Breach Protection Act introduced by Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, and a Senate version introduced by Sen. Norm Coleman (R-Minn.), a member of the Senate Homeland Security and Governmental Affairs Committee.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected