The Office of Management and Budget has established new policies on how federal agencies should prepare for and address a breach of personally identifiable information.
In a memo published Tuesday, OMB offers a framework for efforts to assess and mitigate risks facing affected individuals as well as guidance on how to provide notification and assistance to those individuals.
The document updates the agency’s existing breach notification policies and guidelines in line with the Federal Information Security Modernization Act of 2014.
OMB said the new rules will serve as minimum requirements in breach response, and agencies may apply “stricter” measures in accordance with their missions, authorities, circumstances and risks.
The memo primarily concerns agencies’ senior officials for privacy as well as other senior agency officials, managers and staff who help evaluate risks posed by a breach.
Sections of the memo are also relevant for chief information officers, senior agency information security officers and information technology and cybersecurity personnel who support breach response efforts.