Bill Would Require U.S. Agencies To Disclose Theft Of Sensitive Data - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure

Bill Would Require U.S. Agencies To Disclose Theft Of Sensitive Data

The House panel chairman warns of stiffer legislation if the administration's procedures aren't forthcoming.

Legislation that would require federal agencies to disclose data breaches involving sensitive information was introduced in the House Monday by Rep. Tom Davis, R.-Va., chairman of the House Government Reform Committee. Such a bill would put government agencies on par with businesses, which are required by a patchwork of state laws to notify their customers in such cases.

The measure, HR 6163, would amend the Federal Information Security Management Act to direct the White House Office of Management and Budget to establish procedures for agencies to follow if personal information is lost or stolen. The legislation also would require that individuals be notified if their personal information could be compromised by a breach of data security at a federal agency. Agency CIOs would be expected to ensure that their staffs comply with information security laws and that equipment containing sensitive information is accounted for and secured.

Davis, whose committee oversees government IT, warned that tougher measures could come if the administration doesn't act swiftly. "This bill is a first step," Davis said in a statement. "If new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation."

The legislation was prompted by the theft of a laptop PC and external hard drive that contained personal data such as names, birth dates, and Social Security numbers on 26.5 million veterans and military personnel from the home of a Department of Veterans Affairs analyst in May. The devices were recovered nearly two months later, with the data apparently not accessed.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
Commentary
A Strategy to Aid Underserved Communities and Fill Tech Jobs
Joao-Pierre S. Ruth, Senior Writer,  7/9/2021
Slideshows
10 Ways AI and ML Are Evolving
Lisa Morgan, Freelance Writer,  6/28/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Slideshows
Flash Poll