Security Is Poor for Personal Data Held by Government
By Chris Adams
McClatchy Newspapers
Friday 21 March 2008
Washington - Government agencies have a long way to go before they can
assure taxpayers that the country's secrets - as well as citizens' personal
information - are secure, according to recent government reports.
In fact, the Government Accountability Office testified to Congress last week
that "poor information security is a widespread problem with potentially
devastating consequences."
Among the potential concerns that the GAO identified in testimony to a Senate
subcommittee: If systems aren't secure, sensitive information, such as taxpayer
data, Social Security records and medical records, could be "inappropriately
disclosed, browsed or copied for improper or criminal purposes."
As in the breach of three presidential candidates' passport files, the use
of outside contractors has been cited as a possible problem by the GAO and other
government investigators.
In a 2005 report, the GAO found that most government agencies have security
policies on the books and written in contracts with outside vendors. But those
policies often didn't go far enough to properly oversee the work of those contractors,
the GAO said.
In the recent GAO testimony, investigators found that the percentage of employees
and outside contractors receiving security-awareness training had dropped from
2006 to 2007.
Security for the personal information kept by the federal government
has been a major issue since 2006, when a portable hard drive and laptop computer
belonging to a Department of Veterans Affairs employee were stolen, putting at
risk the personal information of nearly 26 million veterans and military personnel.
The episode resolved itself without any known damage to veterans' personal
information, but it did expose holes in VA security.
Although the main episode involved a VA employee, the VA's inspector general
subsequently found that the information entrusted to contractors also needed
to be protected better. Sensitive information provided to contractors was "not
adequately safeguarded," the inspector general wrote, and many contracts
didn't consistently include clauses to protect information.
As an example, the inspector general detailed an episode at a medical center
in which 29 physicians were given access to the VA's medical records system although
none had adequate background checks.
Since the 2006 data breach, the VA has significantly strengthened its information
policies.
The recent GAO testimony also highlighted a separate stolen laptop issue at
the Centers for Medicare and Medicaid Services. There, a contractor reported
that a laptop containing personal information on nearly 50,000 Medicare beneficiaries
was stolen.
"It is a serious problem," said Marc Rotenberg, executive director
of the Washington-based Electronic Privacy Information Center. He said growing
use of outside contractors, as well as questions over what legal responsibility
they have over private information, makes the issue one that the presidential
candidates should address.
"They now know what it means to have their private information improperly
accessed," he said.