Davis Statement on Latest Security Breach

June 12, 2006

Washington, D.C. Chairman Tom Davis (R-VA) issued the following statement today regarding the latest revelation about a security breach at a federal agency:

"The Energy Department's recent disclosure that a hacker compromised 1,500 personnel records last September raises anew the question of how seriously the federal government treats information security. Like the much larger security breach at the Veterans Affairs Department, this situation leaves us with more questions than answers. Why are we just learning of this now? Why wasn't the Secretary of Energy notified until last week? Why weren't the victims notified, so they could take action to protect their personal finances? Do we know what has happened with the stolen data?

"Sadly, once more we have an example of how far the federal government has to go to reach the goal of strong, uniform, government-wide information security policies and procedures.

"On the Government Reform Committee, we've been focused on government-wide information management and security for a long time. The Privacy Act and the E-Government Act of 2002 outline the parameters for the protection of personal information. These incidents highlight the importance of establishing and following security standards for safeguarding personal information, and they highlight the need for security breach notification requirements for all organizations, including federal agencies, that deal with sensitive personal information.

"My Committee will be taking a look at what changes need to be made to the Federal Information Security Management Act (FISMA). As a first step, I intend to introduce legislation this week to strengthen data breach notification requirements at federal agencies."