The Congressional Budget Office has said that enacting the Safe and Security Federal Websites Act, which is now ready for a full House vote, would have relatively little cost to agencies, less than $500,000 total over five years.
Currently, it said, no single federal law or regulation governs the security of all types of sensitive personal information collected by federal agencies. Several do affect certain aspects, however, including the Federal Information Security Management Act and the Privacy Act, while an OMB directive requires agencies to safeguard personally identifiable information and provide notification of any security breach.
Under the pending House bill, agencies would have 90 days to assure that existing sites comply with certain standards to protect personally identifiable information such as name, Social Security number, and medical or financial records. In addition, agencies could not launch new sites until their CIO certifies compliance.
It further would require OMB to issue policies for agencies to follow in the event of a breach of a federal data system that contains such information.
