Rep. Kerry Bentivolio (R-Mich.) on Tuesday proposed legislation that would prevent the federal government from deploying new websites that don’t adequately protect personal data.
His Safe and Secure Federal Websites Act, H.R. 3635, would also require existing websites to show they are safe and secure. If a website fails to meet that standard, the government would have to take it offline until it is repaired.
The bill is the latest GOP response to the HealthCare.gov website, which left thousands of potential users stuck with delays and error messages when it launched in October. More recently, some computer experts have alleged that the site has weak or non-existent security features, which has led to complaints that personal data entered into the site may not be secure.
“In its haste to implement ObamaCare, the White House has acted with reckless disregard when it comes to protecting the public from hackers,” Bentivolio said Tuesday. “With this website, they have jeopardized not only the personal information of users attempting to obtain health insurance, but also potentially compromised dozens of other federal agencies and their systems.”
Bentivolio’s bill would prohibit federal agencies from deploying new websites that require users to enter personally identifiable information until the website is certified as “fully functional and secure.” Sites already in existence would have 30 days to be certified as safe and secure.
Certification would involve a study and report from the Government Accountability Office, and a report from the Chief Information Officer of the agency involved.
The bill defines “fully functional” as a website that “can fully support the activities for which it is designed or intended with regard to the eliciting, collection, or storage of personally identifiable information, including handling a volume of queries relating to such information commensurate with the purpose for which the website is designed.”
Among other things, it defines “secure” to mean the inclusion of security features that meet a standard “acceptable for banking purposes, the naming of an official who is in charge of all security for the site, and the capturing of personal information at the latest possible step for users.”