DHS Committee Approves Best Practices for Breach Notifications
Mar 07, 2017
In February, a Homeland Security Department advisory committee approved a set of best practices for DHS agencies that may someday have to notify employees or clients of a data breach.
According to NextGov.com, the action may stem from the data breach that struck the Office of Personnel Management in 2015, possibly impacting some 20 million current and former federal employees and their families.
The best-practices document encourages agencies to seek a balance in their notification procedures by moving fast enough to comply with legal requirements and to give people time to take defensive measures, but not so quickly as to provide confusing or false information. It cites the danger of “over-notification,” which could result in people not taking the notices seriously.
The DHS Data Privacy and Integrity Advisory Committee added language that would help recipients verify that the notice itself is not a phishing scam, as well as language referring to the federal requirements to ensure all notices are accessible to those with disabilities or who don’t speak English.
The document follows guidelines established by several federal agencies and a formal guidance document from the Office of Management and Budget that was released in January.
The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.