Tuesday, July 18, 2006

US Gov't requires internal notification of breaches within one hour

In another indication that the US Government is taking personal information protection much more seriously since the VA breach, the Office of Management and Budget has advised all government CIOs that all breaches of personal information, known or suspected, must be reported to US-CERT within one hour of discovery.

Memorandum for Chief Information Officers

As you know, the reporting procedures require agencies to report according to various timeframes based on type of incident. This memorandum revises those reporting procedures to now require agencies to report all incidents involving personally identifiable information to US-CERT within one hour of discovering the incident. You should report all incidents involving personally identifiable information in electronic or physical form and should not distinguish between suspected and confirmed breaches. US-CERT will forward all agency reports to the appropriate Identity Theft Task Force point-of-contact also within one hour of notification by an agency.

Via Pogo Was Right.
