A Call to Consolidate Federal Data Security Laws
As Congress heads back to session, among the legislation they'll be considering are two new bills related to data security: the Federal Agency Data Breach Protection Act introduced by Rep. Tom Davis (R-Va.), ranking member on the House Oversight and Government Reform Committee, and a Senate version introduced by Sen. Norm Coleman (R-Minn.), a member of the Senate Homeland Security and Governmental Affairs Committee.
Yet, in an article on FCW.com this week, Gina Marie Stevens, legislative attorney in Congressional Research Services' American law division, suggests there should be greater emphasis on consolidating existing data security legislation, rather than expanding requirements further.
“An important issue to be addressed is harmonization of these various laws in order to provide uniform protections for personal information not dependent on the owner of the information or the category of information involved," Stevens said in a report dated July 31st and recently made public.
The article by Mary Mosquera cites provisions of information security in the Privacy Act, the Federal Information Security Management Act, guidance from the Office of Management and Budget to prevent and respond to data breaches, the Veterans Affairs Information Security Act, and the Health Insurance Portability and Accountability Act as just some of the legislation Federal agencies must follow.
I am not sure that Stevens' suggestion is going to curb the call for more data breach notification legislation, but I would agree that trying to establish one clear set of definitions would probably help focus compliance efforts among federal agencies. The National Institute of Standards and Technology's Special Publication 800-53, Recommended Security Controls for Federal Information Systems, seems to be a popular framework that could be used as the basis of any consolidated standard.
Contributed by Mark Tordoff