Posted on June 29, 2006 by Ronald London

White House Issues New Data Protection Security Guidelines

  • Email This
  • Print
  • Comments
  • Share Link

Posted by Stuart Louie and Peter Mucklestone

This past Friday, the White House Office of Management and Budget issued new data protection security guidelines directed at federal civilian agencies. The guidelines address the protection of personal information of the millions of employees and citizens held by such agencies. The Office of Management and Budget has stated that it will work with the agencies’ inspector generals to implement these new guidelines within 45 days; however, stopped short of categorizing the guidelines as “requirements” and has instead labeled them as “recommendations.”  

In order to comply with the new policies, agencies will be require, among other things, to: (i) encrypt all data on laptop or handheld computes unless the data is deemed to be “non-sensitive” by an agency’s deputy director; (ii) implement a “two-factor authentication” system (i.e., password protection plus a physical security device such as a key card) in order to be able to access any agency database where personal information may be stored; (iii) require any remote connection to an agency database to be severed after 30 minutes of inactivity; and (iv) keep detailed records of any information downloaded from any agency database where personal information may be stored.

It has been suggested that these new guidelines stem from the recent data thefts or inadvertent disclosures at five separate agencies—(i) the Department of Veteran Affairs (names, social security numbers and birthdates of 26.5 million veterans); (ii) the Internal Revenue Service (names, social security numbers and fingerprints of 291 employees and IRS job applicants); (iii) the Agriculture Department (names, social security numbers and photos of 26,000 employees); (iv) the Federal Trade Commission (lost two laptops containing social security numbers and financial data related to various law enforcement investigations); and (v) the Navy (social security numbers and other personal data for 28,000 sailors and family members).

For more information, see OMB Sets Guidelines for Federal Employee Laptop Security, Washington Post, 6/27/06
Tags:
Trackbacks (0) Links to blogs that reference this article Trackback URL
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.