A Start of a Response to Government Data Breaches
July 17, 2006
Filed under Consumer Privacy
According to this story in GovExec.com, the White House Office of Management and Budget (OMB) has advised government agencies to report data breaches regardless of whether they are "confirmed" or merely "suspected." A copy of the OMB memo is here . The memo comes on the heels of an incident in which a Department of Veterans Affairs employee inadvertently exposed the personal information of more than 26 million veterans by taking home an unsecured laptop computer loaded with the information. The computer was taken from the employee's home by a burglar and later recovered, but the incident helped to highlight the lax standards protecting the personal information that we entrust to the government. In our Policy Post on the VA breach, we noted that the OMB had to take the lead in issuing strong Privacy Act-based guidance to agencies. The OMB still has a long way to go. We hope that this memo is a sign that OMB is taking more seriously its responsibility to manage data security across agencies.