Agencies take steps to safeguard data.The Office of Management and Budget The Office of Management and Budget (OMB), formerly the Bureau of the Budget, is an agency of the federal government that evaluates, formulates, and coordinates management procedures and program objectives within and among departments and agencies of the Executive Branch. (OMB OMB abbr. Office of Management and Budget Noun 1. OMB - the executive agency that advises the President on the federal budget Office of Management and Budget ) has ordered all federal agencies to eliminate the unnecessary collection and use of Social Security numbers by 2009. That order and several other new security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security to combat data breaches and identity theft were outlined in a memo to all department and agency heads from Clay Johnson
Clayton H. Johnson (born July 18, 1956 in Yazoo City, Mississippi) is a retired American professional basketball player. III, deputy director for management of the OMB. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. an Associated Press Associated Press: see news agency. Associated Press (AP) Cooperative news agency, the oldest and largest in the U.S. and long the largest in the world. (AP) report, Johnson gave the agencies 120 days to review all their files for instances in which the use of Social Security numbers is superfluous and "establish a plan in which the agency will eliminate the unnecessary collection and use of Social Security numbers within 18 months." In addition, he directed agencies to review all information they have that could be used to identify an individual citizen or employee, to ensure such records are accurate, and "to reduce them to the minimum necessary for the proper performance" of their duties. The order is based on the principle that "the federal government should not unnecessarily collect or maintain personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. ," OMB spokesman Sean Kevelighan told the AP. By requiring agencies to reduce such data to a minimum, the agency hopes the risk of harm from identity theft will decline, he added. The order stems from several high-profile data breaches that occurred over the past few years. Last year, for example, the Veterans Affairs Department The Department of Veterans Affairs (VA) operates programs to benefit veterans and members of their families. Benefits include compensation payments for disabilities or death related to military service, pensions, education, and rehabilitation. reported that a laptop computer with information for more than 26.5 million military personnel, including data on 2.2 million active-duty military, Guard, and Reserve members, had been stolen from a department employee. After that breach, a House Government Reform Committee investigation revealed that 19 agencies had lost personal information about thousands of employees and the public in 788 separate incidents since January 2003. And it didn't end with the VA breach. In April, an Illinois farmer alerted the government that the Social Security numbers of 38,700 recipients of Agriculture Department grants had been available on a government website since 1996. In May, the Transportation Security Administration (TSA TSA See tax-sheltered annuity (TSA). ) lost an external computer hard drive containing Social Security numbers, bank data, and payroll information for about 100,000 employees. In a civil lawsuit filed after the TSA drive was lost, four airport security screeners and their union, the American Federation of Government Employees The American Federation of Government Employees is an American labor union representing over 600,000 employees of the federal government. (State and municipal employees are represented by other unions, most notably the American Federation of State, County and Municipal Employees , asked a federal court in Washington to order TSA to encrypt personnel data and install electronic monitoring on any mobile equipment that stores personnel information, according to the AR Among the other measures ordered by Johnson was a requirement that agencies encrypt all data on mobile computers or storage devices, unless the department's deputy secretary certifies in writing that it is not sensitive. The AP said Johnson also ordered each agency to establish a policy within 120 days for notifying security officials, potential victims, and the public about the loss or exposure of personally identifiable information based on risk principles he defined. Johnson also said agencies must implement a secure method for granting remote access to data, automatic time-out of remote access unless the user re-authenticates before 30 minutes of inactivity, and logs of all extracts of information from databases with sensitive data. Johnson's memo also called for better training of employees in security rules and written descriptions of potential discipline for violations. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion