Davis bill would tighten FISMA regs
- By Mary Mosquera
- Sep 25, 2006
House Government Reform Committee chairman Rep. Tom Davis (R-Va.) today introduced legislation to require federal agencies to better protect Americans' sensitive personal information.
Davis' legislation, the Federal Agency Data Breach Protection Act (H.R. 6163)'which could strengthen a bill to improve data security at the Veterans Affairs Department'would require all federal agencies to inform the public about data breaches involving sensitive data.
This legislation amends the Federal Information Security Management Act, which Davis introduced and shepherded to passage in 2002.
"If new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation," the congressman said.
Davis' legislation directs the Office of Management and Budget to establish procedures for agencies to follow if personal information is lost or stolen. It also would require that individuals be notified if their personal information could be compromised by a breach of data security at a federal agency.
It would give CIOs the power to ensure that agency personnel comply with information security laws and that costly equipment containing sensitive information is accounted for and secure.
Earlier Davis language became H.R. 5838, the Federal Agency Data Breach Notification Act, which was added to the VA bill, H.R. 5835, the Veterans Identity and Credit Security Act of 2006, and introduced after officials there revealed a laptop computer containing sensitive information about veterans had been stolen from an employee's home in suburban Maryland.
Davis hopes the revised legislation introduced today will be added to the VA bill as well.
other federal agencies if they were missing laptops or other potentially compromising information. The Commerce Department revealed it couldn't account for more than 1,100 laptops, some containing census data. Half the missing computers were simply not returned by departing or terminated employees. Some agencies have yet to respond to the committee's query.
Last Friday, Davis responded
with a call for a governmentwide policy on public breach notification.
Later that day, OMB issued
guidance supporting the recommendations of the White House and its Identity Theft Task Force that agencies establish a core management group responsible for responding to breaches of personal data, including initial risk analysis of the data breach and its scope to determine how it should proceed.
Mary Mosquera is a reporter for Federal Computer Week.