An Effort to Protect Individuals' Identities

My bill requires timely notice to individuals whose sensitive personal information could be compromised by a breach of data security at federal agencies. Until now, there has been no requirement that people be notified if their information is compromised. Under this legislation, the Administration must establish procedures for agencies to follow if sensitive personal information is lost or stolen and there is a reasonable risk of harm to an individual. And we provide a clear definition of the type of sensitive information we're trying to protect.

Next, we give the agency Chief Information Officers the authority to ensure, when appropriate, that agency personnel comply with the information security laws already on the books.

Finally, we ensure that costly equipment containing potentially sensitive information is accounted for and secure. Half of the lost Census Bureau computers simply were not returned by departing or terminated employees. The agency did not track computer equipment, nor were employees held accountable for failing to return it. This is taxpayer funded equipment, containing sensitive information, and we need to know what we have and who has it at all times.

This bill is a first step, and I'm glad it's going to be attached to Chairman Buyer's VA legislation today. But if new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation.

More in Cybersecurity

Financial groups want same data security standards for retailers

Read more »