Commerce loses more than 1,100 laptops
- By Michael Hardy
- Sep 22, 2006
Since 2001, 1,137 laptop computers owned by the Commerce Department have been lost or stolen, and 249 of those contained personally identifiable information, according to an internal review.
Personally identifiable information can include Social Security numbers and other data useful to identity thieves.
The majority of the missing laptops – 672 -- had been used by the Census Bureau, according to the report. However, Commerce officials emphasized the security measures that should protect sensitive information stored on them, including:
Requiring a password to access any information.
Storing census survey data in a complex format requiring specialized software to view.
Fully encrypting 107 of the computers.
Census also reported the loss of 46 thumbdrives and 15 handheld devices, all of which were fully encrypted.
Many of the missing devices were either stolen, in some cases from employees' vehicles, or not returned by former employees, according to the Commerce statement.
Commerce also undertook a separate review in response to a request for information from the House Government Reform Committee Chairman Rep. Tom Davis (R-Va.) regarding the loss or compromise of any sensitive personal information from 2003 to the present. That survey found 297 instances, including 217 laptops, 15 handheld devices and 46 thumbdrives. The rest involved documents or other materials.
Davis issued an angry statement in response to the report.
"Perhaps the most shocking thing here is that the public might not have ever known of these breaches, and their scope, if we hadn't specifically asked for the information," Davis said. "Why aren't these inventories taken automatically, instinctively?"
Davis said he will craft legislation to reduce such losses and require speedier responses when they do happen.
"The American people deserve better from their government," he said.
Commerce Secretary Carlos Gutierrez outlined steps he intends to take to prevent future losses of data, including:
Conducting inventory reforms, including the creation of one comprehensive database for all departmental property.
Requiring 100 percent encryption for department laptops and two-factor authentication for remote access.
Raising employee accountability standards and expanding training.