Davis introduces data breach notification act
Legislation would require agencies to make public notifications of security breaches.
Rep. Tom Davis (R-Va.) introduced today legislation that would require federal agencies to notify the public when they have data breaches involving sensitive information.
The bill would amend the Federal Information Security Management Act, and is a response to several recently reported data thefts, including one at the Energy Department that did not become publicly known for more than a year.
Davis' bill would direct the Office of Management and Budget to establish policies, procedures and standards for agencies to follow if sensitive personal information is lost or stolen.
"Sadly, this legislation is necessary to ensure that federal agencies are taking the proper steps to notify the public, the potential victims, and appropriate government officials that sensitive data may have been compromised," Davis said in a written statement. "We have seen too many recent examples when sensitive data has been lost or stolen and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage."
Rep. Steve Buyer (R-Ind.), chairman of the House Veterans’ Affairs Committee, and Rep. Deborah Pryce (R-Ohio) are original co-sponsors of the bill.
Buyer has agreed to incorporate the reforms Davis suggests in legislation addressing data security at the Department of Veterans Affairs.