Davis amends IT security act in light of data breaches

Rep. Tom Davis (R-Va.) promised earlier this year to determine whether the Federal Information Security Management Act needs updating. Last week, he proposed the first of what likely will be a number of changes to the law.

Davis, chairman of the Government Reform Committee, along with Reps. Stephen Buyer (R-Ind.) and Deborah Pryce (R-Ohio), submitted a bill that would require the Office of Management and Budget to 'establish policies, procedures and standards for agencies to follow' in the event of a data breach involving personal information.

'We are always looking at FISMA to see if enhancements need to be made, but this was something that needed to move on a faster track,' said Government Reform Committee spokesman Robert White.

The legislation also includes a provision calling for the agency CIO to enforce data breach policies and defines sensitive personal information as essentially any information pertaining to an individual.

'We have seen too many recent examples when sensitive data has been lost or stolen, and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage,' Davis said in a statement.

The bill follows an OMB memo issued earlier this month detailing the steps agencies must take to report data breaches. The bill takes OMB's memo one step further with its CIO provision.

