Feds Get Mixed Report Card On Data Breaches

A Government Accountability Office study recommends that agencies improve the way they respond to data breaches; new guidelines are en route.

A study of government data breaches is sparking a review of how agencies respond to incidents in which personal information is improperly exposed. New guidelines from the Office of Management and Budget (OMB) are expected to be phased in by the end of the year.

The Government Accountability Office study found that OMB guidelines for protecting personally identifiable information (PII) held in agency systems are incomplete and are not implemented consistently. As a result, agencies may not be taking corrective actions consistently to limit the risk to individuals from PII-related breaches.

The number of PII breaches reported to the Homeland Security Department’s US Computer Emergency Readiness Team (US-CERT) is growing steadily. There were 22,156 data breaches reported in fiscal 2012 — a 42% increase from 2011 and a 111% increase from 2009. But the GAO found that requirements for quickly reporting these breaches could be doing more harm than good.

[Will 2014 be the year of change for the security industry? Increase Cyber-Security Workforce, Government Urged.]

The OMB requires breaches to be reported to the US-CERT within an hour of discovery, but it can take days to compile complete information on a breach. The US-CERT said it usually can do little with information reported in the initial hour, and the agencies reviewed in the study have not asked it for assistance in responding to breaches. As a result, these agencies may be expending resources to meet reporting requirements that provide little value and divert time and attention from responding to breaches, the GAO said.



The US-CERT’s most significant role in government cybersecurity involves IT systems and networks. Given this limited role in dealing with PII breaches, the requirement to report all these incidents within an hour provides little value, especially in cases in which the data is encrypted or on paper, the GAO said. Consolidated periodic reporting of these incidents would be equally helpful and could free up resources that could be better used elsewhere.

The GAO recommended that the OMB update its guidelines to agencies to include the following:

  • Guidance on notifying affected persons based on the level of risk from the information exposed
  • Criteria for determining when assistance such as credit monitoring should be offered to affected individuals
  • Requirements for reporting PII-related breaches to the US-CERT, including revised timeframes and consolidated reporting of incidents that pose limited risk.

The Department of Homeland Security said it has begun working on the recommendations. Jim H. Crumpacker, the DHS liaison with the GAO, said the US-CERT has worked closely with the National Institute of Standards and Technology and has begun engaging with the OMB for the purposes of gathering requirements specific to these actions, and it will support the OMB in ongoing efforts to achieve the goals. New reporting requirements are expected to be fully phased in by Dec. 31.

The report also includes 22 recommendations to agencies, generally calling for better documentation of procedures for assessing the risk posed by a breach and notifying affected persons, as well as evaluations of breach responses so that lessons learned could be incorporated into policies.

The agencies reviewed for the report included the Centers for Medicare and Medicaid Services, the Department of the Army, the Department of Veterans Affairs, the Federal Deposit Insurance Corp., the Federal Reserve Board, the Federal Retirement Thrift Investment Board, the Internal Revenue Service, and the Securities and Exchange Commission.

William Jackson is a technology writer based in Washington, DC, who specializes in telecommunications, networking, and cybersecurity in the public sector.

Read More

FileBound 6.6 Delivers Enhanced Workflow Processing and a Remarkable Mobile Experience

Latest release of leading document management and workflow automation platform includes 78 percent faster Optical Character Recognition (OCR) performance plus Android and iOS device support.


Customers have more power than ever at their fingertips.

Austin, TX (PRWEB) October 01, 2013

FileBound, a leading provider of document management and workflow automation software and part of the Upland family of cloud-based project, portfolio, and work management applications, today announced the availability of its latest product release, FileBound 6.6.

FileBound provides an integrated workflow and document management system that can be deployed as a cloud-based service or implemented locally. The solution was developed on the web using a Microsoft platform so that it can be easily integrated into the most widely used software systems, and adapted to meet the individual needs of any business from SMBs to large corporations. At the heart of the FileBound solution are process automation tools that are simple to manage, allowing non-technical users to control rules, decisions, and work assignments. Within FileBound, customers can configure and generate reports that allow them to develop systematic audit procedures, manage information processes, and comply with government regulations. FileBound’s powerful document management capabilities also help bridge the gap between digital content and paper documents, allowing organizations to seamlessly manage records and information.

The 6.6 release improves on FileBound’s class-leading software by introducing the following major enhancements:

  •     FileBound Touch has been extended to the mobile phone with an updated layout and functionality designed to take full advantage of device-specific features on Android and iOS devices.
  •     FileBound Capture 6.6 increases Optical Character Recognition (OCR) performance by as much as 78 percent, and provides many new features including pattern matching in templates, Web Viewer support for unhandled file types, and a Forms Menu that provides users the ability to select and complete an e-form without accessing an external website.
  •     Visual Workflow Processing allows users to see a visual map of all the steps in a workflow process, including the path a document has taken and what steps are ahead in the workflow.

Dan Yount, FileBound General Manager, said, “With FileBound 6.6 customers have more power than ever at their fingertips to drive out cost, improve customer service and become more efficient. FileBound is the perfect solution for organizations needing mobility, flexibility and native cloud capability to provide workflow automation to their business, no matter how big or small.”

About FileBound

FileBound provides workflow automation and document management solutions that improve the operation of any organization by connecting users with the information they need to work more efficiently and effectively. With FileBound, customers can build automated workflow processes and centrally manage documents to improve compliance, collaboration, and access to information. FileBound solutions can be deployed locally or as a cloud-based service, and have been implemented by organizations of all sizes around the world. FileBound is part of the Upland Software family of cloud-based project, portfolio, and work management applications.

Record Storage Systems is a certified partner of Filebound by Upland serving the Carolinas – Contact us today at 704-588-2820 and ask how we can help streamline your organization’s document flows.

Read More