[Dataloss] Standard Gov breach notification (OT)

Al Mac macwheel99 at sigecom.net
Sun Sep 24 11:31:45 EDT 2006


Federal agencies have been losing laptop computers, including those with 
personal data, without public notification and sometimes undetected by the 
government.

Agencies are now disclosing the information, because House Government 
Reform Committee chairman Tom Davis (R-Va.) requested summaries of data 
breaches over the last several years.

As a result, the situation requires a strong governmentwide policy on 
public notification, including strengthening legislation he has introduced, 
Davis said.

The most flagrant violator among agency responses so far is the Commerce 
Department, which reported that 1,137 laptops had been lost, stolen or 
misplaced since 2001. It also is missing 46 flash or “thumb” drives and 16 
handheld computers. Of these, 672 of the missing laptops were from the 
Census Bureau, and 246 of those contained personally identifiable information.

[...]

The Federal Information Security Management Act guides agencies in 
protecting federal information, operations and assets. In Davis’ annual 
FISMA scorecard, the federal government averages D+. Among FISMA 
provisions, agencies are required to report data breaches to the U.S. 
Computer Emergency Readiness Team (US-CERT) within the Homeland Security 
Department.

[.. ]

In July, Davis and Rep. Henry Waxman (D-Calif.) asked all cabinet-level 
agencies, the Office of Personnel Management and the Social Security 
Administration to report any “loss or compromise of sensitive personal 
information held by the federal government since Jan. 1, 2003.” Agencies 
were to deliver a summary of each incident by July 24.

To date, 13 agencies have responded, including the Social Security 
Administration and the Energy and Veterans Affairs departments. The 
Homeland Security Department has partially responded. Three agencies have 
not yet responded (the Treasury, Defense and Health and Human Services 
departments), a committee spokesman said.

[..]

http://www.gcn.com/online/vol1_no1/42081-1.html



