WASHINGTON DC – In response to the seemingly endless disappearances or thefts of laptops from government agencies, Rep. Tom Davis (R-Va.) has introduced a bill that would address the problem – or so it seems.
The “Federal Agency Data Breach Protection Act,” or H.R. 6163, as penned by Government Reform Committee chair Davis, would direct the White House’s Office of Management and Budget (OMB) to “institute procedures” for agencies to follow in the event of data breaches.
The bill would also mandate that victims of federal data breaches be informed, and empower agency information officers to ensure data security rules are enforced.
If that seems a little on the light side, that’s because the five-page bill really doesn’t offer much else.
Davis created H.R. 6163 to act as an amendment to previously introduced legislation that addressed data breaches after the theft of a laptop belonging to a Veterans Administration analyst caused the potential exposure of 26.5 million veterans to identity theft.
Missing: 1,137 Laptops
Davis was also motivated by the Census Bureau’s recent disclosure of its loss of 672 laptops since 2001, 246 of which contained personally-identifying information on Americans. The Commerce Department, which oversees the Census Bureau, lost a total of 1,137 laptops in the past five years.
“This bill is a first step,” said Davis in a press statement. “If new policies and procedures are not forthcoming quickly, or if they lack the teeth to get the job done, I will revisit this matter with additional legislation.”
Other recent government-related data breaches include the Department of Education’s publishing of 21,000 student loan borrowers’ information on a public Web site due to a software glitch.
The Department of Transportation’s Miami office reported the disappearance of two laptops containing data on thousands of drivers in the area, which were being used in an ongoing fraud investigation.
A DOT spokesman said investigators have found no indication that any credit card or other fraud has resulted from the laptop theft.
“Our special agents investigate any report of credit fraud or identity theft from someone whose personal information was on the laptops. They have already determined that 18 such complaints of fraud were not connected in any way with the laptop,” said Clayton Boyce of DOT Inspector General’s Office.
It seems incredible that Congress should have to pass legislation to require what is blatantly obvious to the average consumer – namely that victims of data breaches have a right to know if their identities are in danger, and that government information officers should have the power to keep data secure, critics claims.
Government agencies have claimed that they have been scrambling to institute data safeguard laws since the VA breach, all with varying levels of enforcement, and all with varying degrees of success.
Few observers have ever reported witnessing actual scrambling in a civilian federal agency, however.
Faint Praise
The Davis bill was greeted with skepticism in the technology sector, with commenters musing on the timing of the bill.
“If federal agencies actually needed a law to spur them to develop guidelines, that’s depressing. What’s more likely is that the whole thing was cooked up to make Tom Davis, and whatever other Representatives sponsor the bill, look good during election season,” said TechDirt.com.
Adam Thierer, writing for the Technology Liberation Front, mused that, “It might be easier if they just stopped losing so many laptops!”
This column was written by Martin H. Bosworth of ConsumerAffairs.Com
