A lawmaker has introduced new legislation that would codify two federal Office of Management and Budget (OMB) memos that order government to institute an array of information security safeguards.
The Federal Agency Data Protection Act was introduced Tuesday by Rep. William Lacy Clay, D-Mo., but referred to the U.S. House Oversight and Government Reform Committee, which he chairs.
The measure seeks to codify a number of requirements in two OMB memos that were released following a string of high-profile data breaches in federal government, punctuated by the May 2006 stolen Department of Veterans Affairs' laptop.
In a June 2006 memo, OMB ordered agencies to encrypt all sensitive data, in addition to requiring the implementation of two-factor authentication for remote users. Also, agencies must use the National Institute of Standards and Technology (NIST) security checklist as a baseline for its security practices.
And earlier this year, OMB issued a 22-page memo that directed federal agencies to, among other things, create a breach notification plan for the timely reporting and notification of data-loss incidents.
Clay likely will have to re-introduce the legislation when the 111th Congress convenes for the first time next month.
His bill would be one of several circulating on Capitol Hill. The House is expected to consider the Identity Theft Enforcement and Restitution Act of 2007 - which has already passed the Senate - but not before it considers a separate breach-notification law.