Davis proposes changes to FISMA reporting

Rep. Tom Davis yesterday introduced legislation that would institute stricter requirements in how federal agencies report data breaches.

The Virginia Republican and chairman of the Government Reform Committee submitted legislation, along with Reps. Stephen Buyer (R-Ind.) and Deborah Pryce (R-Ohio), that would require the Office of Management and Budget to "establish policies, procedures and standards for agencies to follow" in the event of a data breach involving personal information.

The legislation also includes a provision calling for the agency CIO to enforce data breach policies and defines sensitive personal information as any information contained in a record. The U.S. Code defines a record as: "any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history, and that contains his name or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph. "

"We have seen too many recent examples when sensitive data has been lost or stolen, and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage," Davis said in a statement.

The bill follows an OMB memo issued last week detailing the steps agencies must take to report data breaches. The bill takes OMB's memo one step further with its CIO provision.

Davis' bill also comes as the House Veterans' Affairs Committee, of which Buyer is chairman, is marking up legislation today that was drafted in cooperation with the Government Reform committee to accelerate improvements in information security at the Veterans Affairs Department.

The Veterans Identity and Credit Protection Act would require prompt notification of data breaches, centralize IT management including enforcement, and define responsibilities within VA for the regular reporting of its adherence to federal information security standards.

"I am pleased to have worked with chairman Davis, and appreciate his leadership in making these key changes to FISMA, which should help federal agencies more effectively manage information security,' Buyer said.

There is no Senate companion bill, said Government Reform Committee spokesman Robert White.

White also added that the FISMA bill would complement other data breach legislation that deals with private-sector breach notification and enforcement.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected