Description:
CBO estimates that enacting H.R. 451 would have no significant effect on the federal budget. The legislation would amend federal laws that protect the privacy of personally identifiable information collected by the government. Personally identifiable information includes any information that identifies an individual such as name, Social Security number, and medical or financial records. The legislation would prohibit an agency from deploying a new website until the agency’s Chief Information Officer certifies that all such information is safe and secure. Existing federal websites would have 90 days following enactment of H.R. 451 to comply with this requirement. The legislation also would require the Office of Management and Budget (OMB) to issue policies and procedures for agencies to follow in the event of a security breach of a federal data system that contains personally identifiable information.
No single federal law or regulation governs the security of all types of sensitive personal information collected by federal agencies. The Federal Information Security Management Act requires federal agencies to develop, document, and implement agencywide security programs for sensitive information. The Privacy Act of 1974 governs the collection, use, and dissemination by federal agencies of personal records. OMB’s 2007 memorandum on safeguarding against and responding to the breach of personally identifiable information requires all agencies to implement a policy to safeguard such information and to notify affected individuals of a security breach.
Because those laws and policies regarding the security of personally identifiable information are already in place, CBO estimates that the cost of certifying the safety of information collected by federal websites would be less than $500,000 over the next five years. Enacting H.R. 451 could affect direct spending by some agencies (such as the Tennessee Valley Authority) because they are authorized to use receipts from the sale of goods, fees, and other collections to cover their operating costs. Therefore, pay-as-you-go procedures apply. Because most of those agencies can make adjustments to the amounts collected, CBO estimates that any net changes in direct spending by those agencies would not be significant. Enacting the bill would not affect revenues.
H.R. 451 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would impose no costs on state, local, or tribal governments.
