OMB orders agencies to report on efforts to protect private data

Changes to the Federal Information Security Management Act will require federal agencies to report on how they are protecting private information, starting at the end of this fiscal year, according to a memo released from the Office of Management and Budget Friday.

FISMA, which took effect in 2002, requires agencies to conduct annual reviews of information security programs and report the status of complying with security guidelines.

The changes outlined in the memo are aimed at enhancing protection of personal information "to maintain a comprehensive context for security and privacy of federal information across government," according to OMB.

With the new FISMA requirements, every agency will be asked to provide:

• The number of each type of privacy review conducted during the last fiscal year.
• Information about the advice provided by the senior agency official for privacy during the last fiscal year.
• The number of written complaints for each type of privacy issue allegation received by the senior agency official for privacy during the last fiscal year.
• For each type of privacy issue received by the senior agency official for privacy for alleged privacy violations during the last fiscal year, the number of complaints the agency referred to another agency with jurisdiction.