Privacy Digest

FCW.com News - OMB: Scrub unnecessary SSNs from systems: "The Office of Management and Budget has directed agencies to safeguard against data breaches by collecting and storing only a minimal amount of necessary personally identifiable information. As a result, agencies must plan how to reduce the use of Social Security numbers.

Agencies must develop and put in place within four months a risk-based breach notification policy, which also will include plans to eliminate the unnecessary use of Social Security numbers within 18 months, finding alternative personal identifiers and secure federal data accessed remotely. OMB outlined a framework in which agencies must develop the breach notification policy. A breach can include loss of control of the data, unauthorized disclosure or unauthorized access.

The memorandum comes one year after the Veterans Affairs Department reported that a laptop computer containing the personal data of millions of veterans had been stolen from an employee's home. Law enforcement officials later recovered the laptop, and forensics experts said they believe the data was not accessed. Following that incident, agencies reported a flood of data breaches.

At the time, OMB responded with several memos directing agencies how to define and secure sensitive personal information and when and how to report data breaches.

'Safeguarding personally identifiable information in the possession of the government and preventing its breach are essential to ensure the government retains the trust of the American public,' said Clay Johnson, OMB deputy director for management, in the memo posted May 22.
"

(Read Original Article - Via FCW.com News .)