Shostack + Friends Blog Archive


White House Data Breach Prevention Guidelines

So the Office of Management and Budget sent a memo this week, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” [link to http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf no longer works]

The cool bit is that the memo directs agencies to act within 120 days, including evaluating their data collection, and continuing collection of personal information only if it’s necessary. Unfortunately, what I expect to happen is that all data collection will be declared necessary. [link to http://www.politics.co.uk/issueoftheday/party-politics/labour/home-office-interference-with-privacy-necessary-$473953$473942.htm no longer works]

However, far more important than the nature of the changes that were announced is why they were announced, and that is that these breaches weren’t just swept under the rug. What that means is that breach disclosure is good for you [link to https://shostack.org/archive/2007/03/29/security-breaches-are-good-for-you-my-shmoocon-talk/ no longer works], the American citizen.

It’s also why we see so much resistance to talking about breaches. Because as we do, we’ll catalyze change. I think that’s a good thing, even if it’s scary. Some senior officials seem to think the same way.

Via Threat Level 27B-6.bis, “White House Issues Data Breach Prevention Guidelines” [link to http://blog.wired.com/27bstroke6/2007/05/white_house_iss.html no longer works] and several others