This article, reproduced with the permission of the Association of Government Accountants, highlights the data protection challenge, updates to OMB Circular A-130, requirements of the Executive Order 13800, and critical elements of a data-protection strategy.
We typically keep valuables under lock and key. It might be jewelry in a safe deposit box or the nation’s gold reserve at Fort Knox. You might be asking, isn’t this article focused on protecting data? Well, it is. The 2012 World Economic Forum1 declared data to be a new asset class, 2 like currency or gold. It must be protected. The cost of not doing so can be devastating.
What about our government’s vast data assets, including sensitive national and homeland security, healthcare, and personally identifiable information? Data protection continues to perplex government and private-sector organizations alike. On any given day, we hear stories about organizations suffering security breaches. Cyberattackers recognize the high value of data, and have the opportunity and means to commit criminal acts — even acts of war — at their fingertips from any place in the world. The May 2017 WannaCry ransomware attack provides a vivid example.
Given the seriousness of the cyber threat, and the value of data as an asset, in July 2016 the Office of Management and Budget (OMB) updated Circular No. A-130, Managing Information as a Strategic Resource (A-130),3 and on May 11, 2017, President Donald Trump issued Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (cyber EO).4