Bill Would Require U.S. Agencies To Disclose Theft Of Sensitive Data - InformationWeek
IoT
IoT
Infrastructure
News
9/25/2006
05:11 PM
50%
50%
RELATED EVENTS
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Bill Would Require U.S. Agencies To Disclose Theft Of Sensitive Data

The House panel chairman warns of stiffer legislation if the administration's procedures aren't forthcoming.

Legislation that would require federal agencies to disclose data breaches involving sensitive information was introduced in the House Monday by Rep. Tom Davis, R.-Va., chairman of the House Government Reform Committee. Such a bill would put government agencies on par with businesses, which are required by a patchwork of state laws to notify their customers in such cases.

The measure, HR 6163, would amend the Federal Information Security Management Act to direct the White House Office of Management and Budget to establish procedures for agencies to follow if personal information is lost or stolen. The legislation also would require that individuals be notified if their personal information could be compromised by a breach of data security at a federal agency. Agency CIOs would be expected to ensure that their staffs comply with information security laws and that equipment containing sensitive information is accounted for and secured.

Davis, whose committee oversees government IT, warned that tougher measures could come if the administration doesn't act swiftly. "This bill is a first step," Davis said in a statement. "If new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation."

The legislation was prompted by the theft of a laptop PC and external hard drive that contained personal data such as names, birth dates, and Social Security numbers on 26.5 million veterans and military personnel from the home of a Department of Veterans Affairs analyst in May. The devices were recovered nearly two months later, with the data apparently not accessed.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll