Under pressure from lawmakers to ensure federal charge card data is secure, the General Services Administration will review the security policies of the four other SmartPay contractors after Bank of America revealed late last month that it lost the records of 1.2 million federal employees.
In a response to questions from Sen. Susan Collins, chairwoman of the Homeland Security and Governmental Affairs Committee, GSA administrator Stephen Perry said in a letter that the agency will ensure that Bank One of Wilmington, Del., Citibank of New York, Mellon Bank of Pittsburgh and US Bank of Minneapolis will “provide adequate protection for personal information of federal employees.”
Collins, a Maine Republican, wrote a letter to GSA and Bank of America last week asking how both organizations would ensure federal data is better protected [See GCN story].
GSA and the Defense Department also will conduct a joint risk assessment to review Bank of America security procedures, Perry said. Bank of America lost more than 900,000 Defense employees’ information, DOD officials said.
GSA would not offer much detail on how they are conducting the review of SmartPay vendors or the joint risk assessment.
“GSA is taking all appropriate steps to ensure that SmartPay contractors maintain security policies consistent with current industry standards,” said MaryAlice Johnson, an agency spokeswoman. “We expect these activities to continue in the coming weeks.”
Johnson added that GSA still is developing the timetable to conduct the evaluations.
Bank of America also told GSA it has changed its method of handling SmartPay system back-up operations. Bank spokeswoman Alexandra Trower said the company does not comment on those procedures for security reasons.
“We are continually improving our processes and procedures for handling our customer’s information,” she said.
Bank of America also provided GSA with a list of names of the affected cardholders and is sending out a second letter to cardholders explaining how to obtain a free credit report and fraud alert.
Digg
De.licio.us
Slashdot
Technorati
