Congress' Busy Infosec Agenda
Committees in both houses are busily readying legislation to reform the 7-year-old Federal Information Security Management Act, the law that regulates how the government secures its IT assets. And other legislation is being shaped in the back rooms of the Capitol to determine whether the president should be granted the authority to shutter the Internet during a national crisis - some believe he already has this power - and whether a White House cybersecurity adviser should be codified. A House panel already has approved a measure to increase funding for cybersecurity research and development and the hiring of IT security pros. Plus, the push is on to update the Privacy Act of 1974, though action this year is unlikely.
Next week, the Senate Judiciary Committee gets into the act, as it likely will mark up two data privacy bills.
The Data Breach Notification Act, or S. 139, would require federal agencies and businesses engaged in interstate commerce to notify American residents whose personal information is accessed, or the owner of such information, when a security breach occurs. An exception: if notification would hinder national security or a law enforcement investigation.
The legislation, sponsored by Sen. Dianne Feinstein, D.-Calif., also would require notice to the Secret Service if records of more than 10,000 individuals are obtained or if the database breached has information on more than 1 million people, is owned by the federal government, or involves national security or law enforcement.
The other bill, the Personal Data Privacy and Security Act, or S. 1490, designates as fraud under the federal criminal code unauthorized access of sensitive personally identifiable information, which would serve as a predicate for racketeering charges. The measure, as introduced by Senate Judiciary Committee Chairman Patrick Leahy, D.-Vermont, also would prohibit concealment of security breaches involved in fraud. It also would prohibit the dismissal of a Chapter 7 bankruptcy case if the debtor is an identity-theft victim.
Digital security and privacy may not grab the attention healthcare has, but they could define the current Congress. And remember, if these bills aren't enacted this year, the 111th Congress resumes in 2010.