Davis amends IT security act in light of data breaches
- By Jason Miller
- Jul 21, 2006
Rep. Tom Davis (R-Va.) promised earlier this year to determine whether the Federal Information Security Management Act needs updating. Last week, he proposed the first of what likely will be a number of changes to the law.
Davis, chairman of the Government Reform Committee, along with Reps. Stephen Buyer (R-Ind.) and Deborah Pryce (R-Ohio), submitted a bill that would require the Office of Management and Budget to 'establish policies, procedures and standards for agencies to follow' in the event of a data breach involving personal information.
'We are always looking at FISMA to see if enhancements need to be made, but this was something that needed to move on a faster track,' said Government Reform Committee spokesman Robert White.
The legislation also includes a provision calling for the agency CIO to enforce data breach policies and defines sensitive personal information as essentially any information pertaining to an individual.
'We have seen too many recent examples when sensitive data has been lost or stolen, and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage,' Davis said in a statement.
The bill follows an OMB memo issued earlier this month detailing the steps agencies must take to report data breaches. The bill takes OMB's memo one step further with its CIO provision.