Weeks after the Federal government began sending snail mail notifications to the 21.5 million victims of the Office of Personnel Management breach, the Department of Defense proposed creating a hack victims database.
The Pentagon’s proposed database, the Defense Manpower Data Center, would store the information in a “holding file,” according to an Oct. 14 Federal Register notice.
“The information collected will be used only to verify whether or not an individual was impacted by the OPM cybersecurity incident involving background investigation records and to send a letter confirming status as ‘impacted’ or ‘not impacted’ by this incident,” the proposal stated.
Will taking a pledge like this solve the EU-US data export crisis? No. Will it prevent government surveillance activities occurring upstream on Internet and telecoms pipes over which the business has no control? No. But will it demonstrate a commitment to the world that the business takes its data subjects’ privacy concerns seriously and that it will do what is within its power to do to prevent unlawful surveillance – absolutely: it’s a big step towards accountably showing “adequate” handling of data.