The Computer Security Act of 1987 provides
for improving the security and privacy of sensitive information in federal
computer systems. "Security" is, of course, different than "privacy." The
security measures in any system are what enable it to operate fully, including
maintaning privacy.
The Act defines "sensitive information" to include any unclassified
information that, if lost, misused, or accessed or modified without authorization,
could adversely affect the national interest, conduct of federal programs, or
the privacy to which individuals are entitled under the
Privacy Act.
The Computer Security Act requires federal agencies to identify their computer
systems that contain sensitive information, establish training programs to increase
security awareness and knowledge of security practices, and establish a plan for the
security and privacy of each computer system with sensitive information.
The Computer Security Act seems to have had little effect on keeping personal
and private information in the hands of the federal government secure. Security
flaws in government computer systems are routinely exposed, and security lapses
remain a major threat to the privacy of personal information in government databases.
Links:
Report Card on Computer Security at Federal Departments and Agencies
Subcommittee on Government Management, Information, and Technology (September 11, 2000)
Computer
Security: Critical Federal Operations and Assets Remain at Risk General
Accounting Office (September 11, 2000)
Comments? comments@privacilla.org
(Subject: ComputerSecurityAct)
[updated 02/17/02]
