Davis amends IT security act in light of data breaches

Rep. Tom Davis (R-Va.) promised earlier this year to determine whether the Federal Information Security Management Act needs updating. Last week, he proposed the first of what likely will be a number of changes to the law.

Davis, chairman of the Government Reform Committee, along with Reps. Stephen Buyer (R-Ind.) and Deborah Pryce (R-Ohio), submitted a bill that would require the Office of Management and Budget to 'establish policies, procedures and standards for agencies to follow' in the event of a data breach involving personal information.

'We are always looking at FISMA to see if enhancements need to be made, but this was something that needed to move on a faster track,' said Government Reform Committee spokesman Robert White.

The legislation also includes a provision calling for the agency CIO to enforce data breach policies and defines sensitive personal information as essentially any information pertaining to an individual.

'We have seen too many recent examples when sensitive data has been lost or stolen, and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage,' Davis said in a statement.

The bill follows an OMB memo issued earlier this month detailing the steps agencies must take to report data breaches. The bill takes OMB's memo one step further with its CIO provision.


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected