Report: Align disparate security regs before imposing more

As Congress considers legislation to impose more data security requirements, the lawmakers should first figure out how to align existing regulations, according to a report from the Congressional Research Service.

A patchwork of federal and state laws already requires organizations to safeguard sensitive and personally identifiable information and to notify persons affected by a breach of their personal data, said Gina Marie Stevens, legislative attorney in CRS’ American law division.

“An important issue to be addressed is harmonization of these various laws in order to provide uniform protections for personal information not dependent on the owner of the information or the category of information involved,” she said in the report dated July 31, but posted recently.

Federal agencies must adhere to provisions of information security in the Privacy Act, the Federal Information Security Management Act along with guidance from the Office of Management and Budget to prevent and respond to data breaches. The Veterans Affairs Information Security Act adds data security, privacy, notification and credit protection in particular for veterans and their dependents. The Health Insurance Portability and Accountability Act governs health data privacy and security.

Information security standards aim to protect personally identifiable information from unauthorized disclosure, access and acquisition. Data security breaches happen when fraudulent accounts are created, laptop or desktop computers are stolen or hacked, passwords are compromised, insiders or employees steal data, or discs or backup tapes are misplaced, the report notes.

Among the data security bills that Congress may consider when it returns to work Sept. 4 is the Federal Agency Data Breach Protection Act introduced by Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, and a Senate version introduced by Sen. Norm Coleman (R-Minn.), a member of the Senate Homeland Security and Governmental Affairs Committee.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.