Davis bill would tighten FISMA regs

House Government Reform Committee chairman Rep. Tom Davis (R-Va.) today introduced legislation to require federal agencies to better protect Americans' sensitive personal information.

Davis' legislation, the Federal Agency Data Breach Protection Act (H.R. 6163), which could strengthen a bill to improve data security at the Veterans Affairs Department, would require all federal agencies to inform the public about data breaches involving sensitive data.

This legislation amends the Federal Information Security Management Act, which Davis introduced and shepherded to passage in 2002.

"If new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation," the congressman said.

Davis' legislation directs the Office of Management and Budget to establish procedures for agencies to follow if personal information is lost or stolen. It also would require that individuals be notified if their personal information could be compromised by a breach of data security at a federal agency.

It would give CIOs the power to ensure that agency personnel comply with information security laws and that costly equipment containing sensitive information is accounted for and secure.

Earlier Davis language became H.R. 5838, the Federal Agency Data Breach Notification Act, which was added to the VA bill, H.R. 5835, the Veterans Identity and Credit Security Act of 2006, and introduced after officials there revealed a laptop computer containing sensitive information about veterans had been stolen from an employee's home in suburban Maryland.

Davis hopes the revised legislation introduced today will be added to the VA bill as well.

Davis asked other federal agencies if they were missing laptops or other potentially compromising information. The Commerce Department revealed it couldn't account for more than 1,100 laptops, some containing census data. Half the missing computers were simply not returned by departing or terminated employees. Some agencies have yet to respond to the committee's query.

Last Friday, Davis responded with a call for a governmentwide policy on public breach notification.

Later that day, OMB issued guidance supporting the recommendations of the White House and its Identity Theft Task Force that agencies establish a core management group responsible for responding to breaches of personal data, including initial risk analysis of the data breach and its scope to determine how it should proceed.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
