Tag:

PII

Latest Headlines

Latest Headlines

HHS officials defend security of healthcare.gov

Three information technology officials from the Health and Human Services Department vouched for the security of healthcare.gov at a sometimes contentious House Oversight Committee hearing Jan. 16. No attacks on the site have been successful, said Kevin Charest, HHS's chief information security officer. He also called the code behind one widely  reported  denial-of-service attack attempt "rudimentary."

House Homeland Security critical infrastructure bill gets potentially controversial amendment

A House Homeland Security subcommittee approved by unchallenged voice vote a critical infrastructure cybersecurity bill, adding in the process several amendments – one of which could generate opposition to an otherwise bipartisan bill.

Data breach reporting mandate may be a needless distraction

"OMB staff said that they were unaware of the rationale for the 1-hour time frame, other than a general concern that agencies report PII incidents promptly," says the recently released report, dated Dec. 9. After just an hour, agencies often have little to report to US-CERT, the cyber incident response unit at DHS, but must do so under Office of Management and Budget guidance.

Privacy appendix of draft NIST cybersecurity framework under fire

Some major Internet companies say the proposed privacy approach of the cybersecurity framework under development by the National Institute of Standards and Technology would be potentially burdensome, something that could discourage organizations from adopting it.

Weakness that exposed DOE employee data still common

The same weakness that exposed the personal data of tens of thousands of Energy Department employees in July persists in many of the department's desktop computers. DOE's office of inspector general scanned more than 2,300 desktop systems at 17 different locations, finding that 41 percent lacked security patches for known vulnerabilities.

CMS should address SSN privacy concerns with IT modernization, says GAO

Centers for Medicare and Medicaid Services should launch a project to address the removal of Social Security numbers from Medicare beneficiaries' cards as a core component of its information technology modernization efforts, says the Government Accountability Office.

GSA offers electronic privacy refresher

Many agencies are using social media like Twitter and Facebook, and should be aware of the privacy implications of posting photos and collecting comments, writes Tim Lowden, a digital communications specialist in the General Services Administration's Center for Excellence in Digital Government. Some of that content contains personally identifiable information.

CIO Council outlines privacy implications of social media use for situational awareness, operations

Beyond simply broadcasting information or promoting their mission, agencies can use social media for situational awareness and for mission operations, but there are privacy issues agencies must consider, says the Federal Chief Information Officers Council.

DHS notifies employees of PII potential data breach

The Homeland Security Department says software utilized by a vendor that processes personnel security investigation had a vulnerability that may have allowed a data breach of elements including Social Security numbers.

Warrant requirements for police drone use debated

A tenet of fair information practice principles is that organizations should only collect personally identifiable information for a specified purpose--whether that should translate into a warrant requirement for government use of unmanned aerial vehicles took up large parts of a May 17 House hearing.