Rep. Tom Davis (R-Va), chairman of the House Committee on Government Reform, proposed legislation requiring federal agencies to notify the public if sensitive information is lost or stolen, Computerworld.com reports.

According to the article, the legislation calls for the White House Office of Management and Budget (OMB) to set disclosure policies and standards for agencies to follow for breaches involving personal data. This comes after the OMB toughened the internal-breach notification requirements with a July 12 memo issued by de facto federal CIO Karen Evans. Agencies must report an incident involving personally identifiable information to the U.S. Department of Homeland Security within an hour of discovery, including confirmed and suspected breaches.

In a statement made last week, Davis said his proposed legislation, which would modify the Federal Information Security Management Act, would also force agencies to disclose breaches more quickly, according to Computerworld.

“We have seen too many recent examples when sensitive data has been lost or stolen and agencies have moved too slowly to acknowledge the problem and take steps to limit the potential damage,” he said.

Computerworld reports that at a hearing held by the Senate Committee on Veterans Affairs last Thursday, Department of Veterans Affairs (VA) Secretary James Nicholson testified about the dilemma he faced on whether to delay the data breach disclosure or go public with the news. He made the decision to inform.

During the hearing, Sen. Richard Burr (R-N.C.) said there should have been no hesitation and Congress should have been notified of the breach immediately, Computerworld reports.

According to John Pescatore, an analyst with Gartner, the OMB’s modified policy of a one-hour reporting requirement includes the improper use of sensitive data, such as storing it on a home computer without adequate encryption.
Previously, only unauthorized access had to be reported.

Bruce Brody, a former CISO at the VA, told Computerworld that the reporting structure and escalation process should also be taken into consideration.

OMB officials “are assuming that there’s a centralized authority that is part of the escalation process,” Brody told Computerworld. In reality, such a structure doesn’t exist at most federal agencies.

Compiled by Paul Kerstein