Data security bill gains traction

Congress is currently grappling with legislation to fight cybercrime and to improve government information security compliance. The measure is likely to have an impact on the private sector, too. The proposal would update the Federal Information Security Management Act, which sets up requirements for securing personal or sensitive data.

The bill includes a broader definition of "personally identifiable information" and strengthens reporting and auditing requirements. It also calls for privacy impact assessments for agency purchases of lists containing potentially sensitive information from commercial data brokers.

The legislation is controversial, and faces some serious opposition. Karen Evans, administrator of eGovernment at the Office of Management and Budget, told a Congressional committee in written testimony that the bill could "seriously impact established agency security and privacy practices while not necessarily achieving the outcomes of improved privacy or security."

Cyber Security Industry Alliance President Tim Bennett said that OMB guidance has been "uneven" and too focused on compliance with memorandum and circulars. A similar bill already passed by the Senate would give federal prosecutors tools to fight identity theft and cybercrime. "The bad guys are moving quicker and getting more sophisticated every day and we don't have time to lose," Bennett said.

For more on this security bill:
- See this GovernmentExecutive article