Davis amends IT security act in light of data breaches

Rep. Tom Davis (R-Va.) promised earlier this year to determine whether the Federal Information Security Management Act needs updating. Last week, he proposed the first of what likely will be a number of changes to the law.

Davis, chairman of the Government Reform Committee, along with Reps. Stephen Buyer (R-Ind.) and Deborah Pryce (R-Ohio), submitted a bill that would require the Office of Management and Budget to 'establish policies, procedures and standards for agencies to follow' in the event of a data breach involving personal information.

'We are always looking at FISMA to see if enhancements need to be made, but this was something that needed to move on a faster track,' said Government Reform Committee spokesman Robert White.

The legislation also includes a provision calling for the agency CIO to enforce data breach policies and defines sensitive personal information as essentially any information pertaining to an individual.

'We have seen too many recent examples when sensitive data has been lost or stolen, and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage,' Davis said in a statement.

The bill follows an OMB memo issued earlier this month detailing the steps agencies must take to report data breaches. The bill takes OMB's memo one step further with its CIO provision.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected