OPM Data Breach Consequences for 2016 and Beyond

The recent data breaches at the Office of Personnel Management impacted millions of current and former federal employees. These are highlights of some actions the government is taking to secure the personal data of its workforce.

The data breach that occurred in June 2015 was estimated by FBI Director James Comey to affect 18 million people. It may still be affecting many millions in the New Year.

While Katherine Archuleta was replaced by Beth Cobert in July 2015, and the Cybersecurity Resource Center written about here on FedSmith a few months ago may prove helpful to those individuals whose personal information was stolen, both those affected and those who escaped consequences should be vigilant through 2016.

The Federal Trade Commission has created a website to protect consumers from identity theft, but the reality is that personal information is only as secure as the person who is managing it. It is wise for a person to keep track of his or her personal identification.

The federal government is taking steps to resolve the data breach. A new cybersecurity officer was appointed last November. Clifton Triplett, a former cybersecurity officer in the U.S. Army Signal Corps and a former managing partner for a global management consulting company, was appointed as the Office of Personnel Management’s (OPM) Senior Cyber and Information Technology Advisor, reporting directly to Acting Director Cobert on how to strengthen cybersecurity.

On October 21, 2015, the Office of Management and Budget (OMB) issued a proposed update to Circular A-130, releasing it for public comment until early December. The proposed update “provides general policy for the planning, budgeting, governance, acquisition, and management of Federal information resources. It also includes appendices outlining agency responsibilities for managing information, supporting use of electronic transactions, and protecting Federal information resources.”

The proposal primarily suggests greater coordination and continuous monitoring amongst federal agencies. Public comment closed on December 5, 2015, and the Office of Management and Budget (OMB) is currently reviewing the information to “revise the policy as necessary.”

So where does this leave a federal employee until the update to Circular A-130 is underway? That employee is likely still in limbo.

Though positive steps have been taken, and Advisor Triplett’s appointment indicates increased interest on the part of OPM regarding cybersecurity breaches, the threat still clearly exists.

The recent issuance of a request for information (RFI) by the National Institute of Standards and Technology on December 11, 2015, may provide an outlet for federal employees to provide suggestions to the federal government on cybersecurity. While it clearly cannot mitigate the actual harm done to employees, participation in this RFI by those employees who were affected by the data breach last summer can only strengthen the governmental approach to cybersecurity and ensure that the government is better positioned to respond to upcoming cyber attacks.

About the Author

Mathew B. Tully is a founding partner of Tully Rinckey PLLC. He concentrates his practice on representing federal government employees and military personnel. To schedule a meeting with one of the firm’s federal employment law attorneys call (202) 787-1900. The information in this column is not intended as legal advice.