Davis bill would tighten FISMA regs

House Government Reform Committee chairman Rep. Tom Davis (R-Va.) today introduced legislation to require federal agencies to better protect Americans' sensitive personal information.

Davis' legislation, the Federal Agency Data Breach Protection Act (H.R. 6163), which could strengthen a bill to improve data security at the Veterans Affairs Department, would require all federal agencies to inform the public about data breaches involving sensitive data.

This legislation amends the Federal Information Security Management Act, which Davis introduced and shepherded to passage in 2002.

"If new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation," the congressman said.

Davis' legislation directs the Office of Management and Budget to establish procedures for agencies to follow if personal information is lost or stolen. It also would require that individuals be notified if their personal information could be compromised by a breach of data security at a federal agency.

It would give CIOs the power to ensure that agency personnel comply with information security laws and that costly equipment containing sensitive information is accounted for and secure.

Earlier Davis language became H.R. 5838, the Federal Agency Data Breach Notification Act, which was added to the VA bill, H.R. 5835, the Veterans Identity and Credit Security Act of 2006, and introduced after officials there revealed a laptop computer containing sensitive information about veterans had been stolen from an employee's home in suburban Maryland.

Davis hopes the revised legislation introduced today will be added to the VA bill as well.

Davis asked other federal agencies if they were missing laptops or other potentially compromising information. The Commerce Department revealed it couldn't account for more than 1,100 laptops, some containing census data. Half the missing computers were simply not returned by departing or terminated employees. Some agencies have yet to respond to the committee's query.

Last Friday, Davis responded with a call for a governmentwide policy on public breach notification.

Later that day, OMB issued guidance supporting the recommendations of the White House and its Identity Theft Task Force that agencies establish a core management group responsible for responding to breaches of personal data, including initial risk analysis of the data breach and its scope to determine how it should proceed.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

