According to this story in GovExec.com, the White House Office of Management and Budget (OMB) has advised government agencies to report data breaches regardless of whether they are “confirmed” or merely “suspected.” A copy of the OMB memo is here .

The memo comes on the heels of an incident in which a Department of Veterans Affairs employee inadvertently exposed the personal information of more than 26 million veterans by taking home an unsecured laptop computer loaded with the information. The computer was taken from the employee’s home by a burglar and later recovered, but the incident helped to highlight the lax standards protecting the personal information that we entrust to the government.

In our Policy Post on the VA breach, we noted that the OMB had to take the lead in issuing strong Privacy Act-based guidance to agencies. The OMB still has a long way to go. We hope that this memo is a sign that OMB is taking more seriously its responsibility to manage data security across agencies.

This entry was posted on Monday, July 17th, 2006 at 5:26 pm and is filed under Consumer Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.