Saturday, May 27, 2006

Lax standards for feds in data breach vote

By Declan McCullagh and Anne Broache
Staff Writer, CNET News.com

Published: May 25, 2006, 6:10 PM PDT
WASHINGTON--Days after a massive data leak potentially affecting more than 26 million American veterans became public, a U.S. House of Representatives committee approved a bill requiring written notice of information security breaches.

By a voice vote Thursday, the House Judiciary Committee adopted a bill that would require businesses to alert customers about security breaches. The panel also glued on a newly drafted amendment that would apply to federal agencies.

But in a bizarre twist, the legislation regulates the private sector far more stringently than government agencies--even though the Veterans Administration was responsible for one of the largest security breaches in history, one which officials now say could cost $500 million to clean up.

Feds' easy data breach rules
A House of Representatives panel approved on Thursday a data breach bill that regulates commercial companies more stringently than federal agencies--even though the Department of Veterans Affairs just lost a database of information on 26.5 million veterans.


R. James Nicholson, the Veterans Affairs secretary, said Thursday that: "I am outraged at the loss of this veterans' data and the fact an employee would put it at risk by taking it home in violation of VA policies." On May 3, the unnamed employee's home was broken into and the database was stolen, Nicholson said. No encryption was used to protect the data.

The bill, called the Data Accountability and Trust Act, or DATA, establishes strict standards for commercial companies to follow in the event of a data breach--including notifying customers "as quickly as possible," posting an alert on their Web sites and picking up the cost of credit reports for one year.

Not one of those requirements would apply to federal agencies.

More @ http://tinyurl.com/p7b92 c/net

Frigging Feds can't even fix this right. It's way past time for a Major overhaul of all Fed services and Fed employees. (My highlights in the excerpt)
