In response to recommendations from the President's Identity Theft Task Force, The Office of Management and Budget issued guidance in May 2007 for federal agencies on "Safeguarding Against and Responding to the Breach of Personally Identifiable Information." The OMB memorandum requires all federal agencies to implement a breach notification policy to safeguard "personally identifiable information" within 120 days of the date of the memorandum (by August 22, 2007) to apply to both electronic systems and paper documents. To formulate their policy, agencies are directed to review existing privacy and security requirements, and include requirements for incident reporting and handling and external breach notification. In addition, agencies are required to develop policies concerning the respons
| Attributes | Values |
|---|
| rdfs:label
| - Office of Management and Budget "Breach Notification Policy"
|
| rdfs:comment
| - In response to recommendations from the President's Identity Theft Task Force, The Office of Management and Budget issued guidance in May 2007 for federal agencies on "Safeguarding Against and Responding to the Breach of Personally Identifiable Information." The OMB memorandum requires all federal agencies to implement a breach notification policy to safeguard "personally identifiable information" within 120 days of the date of the memorandum (by August 22, 2007) to apply to both electronic systems and paper documents. To formulate their policy, agencies are directed to review existing privacy and security requirements, and include requirements for incident reporting and handling and external breach notification. In addition, agencies are required to develop policies concerning the respons
|
| dcterms:subject
| |
| abstract
| - In response to recommendations from the President's Identity Theft Task Force, The Office of Management and Budget issued guidance in May 2007 for federal agencies on "Safeguarding Against and Responding to the Breach of Personally Identifiable Information." The OMB memorandum requires all federal agencies to implement a breach notification policy to safeguard "personally identifiable information" within 120 days of the date of the memorandum (by August 22, 2007) to apply to both electronic systems and paper documents. To formulate their policy, agencies are directed to review existing privacy and security requirements, and include requirements for incident reporting and handling and external breach notification. In addition, agencies are required to develop policies concerning the responsibilities of individuals authorized to access personally identifiable information. Agencies are permitted to develop more stringent policies. According to the OMB memo, an agency's failure to implement one or more of FISMA provisions or associated standards, policies, or guidance issued by OMB or the National Institute of Standards and Technology (NIST) would not constitute less than adequate protections required by the Privacy Act. Moreover, the new OMB requirements do not create any enforceable rights or benefits at law against the government.
|
![[RDF Data]](/fct/images/sw-rdf-blue.png)