BreachExchange mailing list archives
Standard Gov breach notification (OT)
From: Al Mac <macwheel99 () sigecom net>
Date: Sun, 24 Sep 2006 10:31:45 -0500
Federal agencies have been losing laptop computers, including those with personal data, without public notification and sometimes undetected by the government. Agencies are now disclosing the information, because House Government Reform Committee chairman Tom Davis (R-Va.) requested summaries of data breaches over the last several years. As a result, the situation requires a strong governmentwide policy on public notification, including strengthening legislation he has introduced, Davis said.

The most flagrant violator among agency responses so far is the Commerce Department, which reported that 1,137 laptops had been lost, stolen or misplaced since 2001. It also is missing 46 flash or thumb drives and 16 handheld computers. Of these, 672 of the missing laptops were from the Census Bureau, and 246 of those contained personally identifiable information. [...]

The Federal Information Security Management Act guides agencies in protecting federal information, operations and assets. In Davis' annual FISMA scorecard, the federal government averages D+. Among FISMA provisions, agencies are required to report data breaches to the U.S. Computer Emergency Readiness Team (US-CERT) within the Homeland Security Department. [.. ]

In July, Davis and Rep. Henry Waxman (D-Calif.) asked all cabinet-level agencies, the Office of Personnel Management and the Social Security Administration to report any loss or compromise of sensitive personal information held by the federal government since Jan. 1, 2003. Agencies were to deliver a summary of each incident by July 24. To date, 13 agencies have responded, including the Social Security Administration and the Energy and Veterans Affairs departments. The Homeland Security Department has partially responded. Three agencies have not yet responded, the Treasury, Defense and Health and Human Services departments, a committee spokesman said. [..]
http://www.gcn.com/online/vol1_no1/42081-1.html

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 366 incidents over 6 years.