In late June, the Office of Management and Budget (OMB) issued a mandate to federal agencies to take certain measures to protect the privacy and security of personally identifiable information stored on removable devices. A deadline for implementing the OMB’s security mandate was Monday, August 7, 2006. The mandate guidelines were based on National Institute of Standards and Technology (NIST) requirements and inspectors general at several agencies have already begun reviewing compliance with the OMB checklist mandate.

The 45-day deadline imposes requirements that are beyond execution in such a short period of time. Brett Bobley, CIO of the National Endowment for the Humanities, says that he does not think any agency can say it meets every requirement in the OMB memo,

Within the [past] 45 days your goal is to show your IG that you have thoroughly looked through [the] guidelines and determined where you meet it and where you don’t. Once you know the areas where your policies and procedures fall short, you can start to take corrective action.

While Mr. Bobley is correct that full compliance is impossible, the OMB should be proud even if agencies take a serious hard look at their information privacy and security policies and chart plans to improve how data is handled.