Thursday, June 15, 2006

Actions the Government Should Take to Protect Personal Information

Jim Kouri wrote an interesting commentary in the Conservative Voice, where he outlined the steps the government should take to protect personal information in the wake of the recent VA and Nuclear Weapons Agency breaches:

"The first key step is to develop a privacy impact assessment -- an analysis of how personal information is collected, stored, shared, and managed -- whenever information technology is used to process personal information. These assessments are required by the E-Government Act of 2002. They are a tool for agencies to fully consider the privacy implications of planned systems and data collections before implementation, when it may be easier to make critical adjustments."

"The second key step is to ensure that a robust information security program is in place, as required by the Federal Information Security Management Act of 2002 (FISMA). Such a program includes periodic risk assessments; security awareness training; security policies, procedures, and practices, as well as tests of their effectiveness; and procedures for addressing deficiencies and for detecting, reporting, and responding to security incidents."

For Jim Kouri's full commentary, link here.

Right now there is a lot of emphasis on the government's mishandling of personal information, but in reality the private sector has been responsible for most of the breaches incurred thus far.

According to the Privacy Rights Organization, which has monitoring these breaches, almost 82 million Americans have had their identities compromised. You can view their chronology, here.

Maybe now that the government plans to show some leadership on this issue, the private sector will follow suit.

Here is a previous post, I did on this matter:

The VA Data Breach is a Symptom of a Bigger Problem


prying1 said...

This does break it down into more managable portions I think. I mean, even I could understand it real good.

How soon before it is implemented?

Ed Dickson said...

Hard to say - Congress is still playing around with the legislation - but with the publicity as a result of these stories, the special interests (lobbyists) are going to have a harder time "watering" legislation down.

Let's pray - that in the end - we will value people over organizations!