Davis Introduces Security Legislation

In the wake of the announcement by the Department of Commerce that 1,100 laptops could not be accounted for, Virginia Congressman Tom Davis has introduced legislation that would require federal agencies to disclose security breaches involving sensitive data to the public.

Beyond the Department of Commerce, recent security breaches have occurred at the Veterans Administration, U.S. Department of Agriculture and Federal Trade Commission. In some cases, incidents involved a system hack, though more often breaches occurred from a lost or stolen piece of hardware.

In 2002, the Federal Information Management Act was implemented to provide a comprehensive framework for ensuring the effectiveness of information security controls and governmentwide oversight of information security risks. The act also recognized that the selection of commercial security solutions should be left up to the individual agency.

Davis' latest legislation builds on that, directing the Office of Management and Budget (OMB) to establish procedures for agencies to follow if personal information is lost or stolen, and would require that individuals be notified if their personal information could be compromised. CIOs would maintain the authority to ensure that agency employees comply with information security laws and ensure that costly equipment containing sensitive information is accounted for and secure.
