The White House recently released a memo on information protection and data breach response to the heads of all federal government departments. The memo outlined new rules for responding to data breaches as well as new rules on information-handling procedures.

Now, privacy and information security officers are pushing to meet the September 21 deadline to develop and implement data breach policies.

On July 18, chief privacy officers gathered to learn tips about how to protect personal information, and how to improve their security measures.

Developing policy is easy, said Tim Grance, manager of the National Institute of Standards and Technology’s computer security division at the briefing organized by the Homeland Defense Journal, but, he added, “God and the devil both dwell in the implementation.”

For example, many databases are accessed by agencies across the government. The fact that this database is accessible by so many is, in and of itself, quite problematic. The costs and benefits of such access must be weighed.

After a security policy is created and implemented, employees must also be aware of their part to play. There needs to be an ongoing security training initiative, and monthly reminders. Some of these training initiatives have thus far been creative. One agency created a logo in the design of an egg with the tag line “it’s fragile like data”, and used the logo to teach employees about protecting private information and cleaning up “broken eggs” - recovering from data loss.

Posters have been put up with information on what employees should do if their laptop or portable device is stolen - and how to prevent such thefts from happening. Reporting the incidents is the top priority.

Via Federal Times Tags: security breach, security policy, data breach, data breach policy, government, government security, privacy, information privacy