Have No Fear, Federal Government Issues Data Leak Prevention Guidelines

from the see,-it-looks-like-we're-doing-something dept

Following a spate of data leaks and breaches at federal agencies, the Office of Management and Budget has now issued a set of guidelines for agencies to reduce the chances of data losses, while giving them 120 days to come up with breach-notification policies. The guidelines sound useful, particularly the advice that agencies should reduce the amount of information they collect and store to a minimum. However, it's hardly surprising to see that overall, the document is pretty toothless. What happens if agencies don't meet the 120-day deadline? Nothing, apparently, but maybe they'll be sent another memo. Furthermore, the "Rules and Consequences Policy" doesn't actually spell out any consequences should an agency lose data, rather it just says agency heads need to come up with a policy outlining behavior standards and the repercussions of breaking them. It's this sort of hands-off attitude that's the real problem here: nobody is ever forced to accept any sort of personal responsibility for these breaches, so there's little motivation -- beyond acting out of selflessness -- for government employees or businesses to take the situation seriously. Memos directing people to take some action, with no real followthrough, isn't the same thing as actually taking action. Until that happens, expect the data leaks to continue at the federal government, and elsewhere.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Killer_Tofu (profile), 24 May 2007 @ 11:16am

    And we all know ..

    .. how selfless the government is ....

    link to this | view in chronology ]

  • identicon
    discojohnson, 24 May 2007 @ 12:15pm

    you want to stop it real quick?

    $1000 fine per suspected identity charged directly to the company and if not paid within 90 days then they freeze the companies assets and take it out of hide. oh, and $1000 to the person affected. doesn't sound like much, but when most of these are like 40k lost at a swat that's 80mil. do that once or twice and the bottom line is hit pretty hard. oh, and they'll drop the CIO into a vat of boiling oil..sponsored by crisco no less.

    link to this | view in chronology ]

    • identicon
      g, 24 May 2007 @ 1:03pm

      Re: you want to stop it real quick?

      Suspicion leading to fines? We don't need any more penalties based solely on suspicion around these parts I think.

      link to this | view in chronology ]

      • identicon
        discojohnson, 24 May 2007 @ 2:30pm

        Re: Re: you want to stop it real quick?

        because unless the company is liable, the situation where my info is leaked and they know it was..but no one did anything so there's no retribution and no reason to close the holes. but here in 10 years after sitting on the data suddenly strange charges show up on accounts i never opened.

        the only thing that matters to companies is the bottom line, so that's where you have to put the pressure. they don't give a damn about doing "what's right" once an individual customer no longer matters because the company is has grown too large.

        link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.