Lost Laptop Follies, Part 3

by on November 3, 2006 · 6 comments

In recent blogs, I’ve been documented the troubling reports of government losing laptops and compromising private information. And as I mentioned in another report, Rep. Tom Davis (R-VA), the Chairman of the committee, has introduced H.R. 6163, the “Federal Agency Data Breach Protection Act” to try to get this problem under control, although the legislation would really do nothing of the sort.

Sadly, there’s more news to report on this front.


(1) Government Computer News reports that:

* “The Army’s Accessions Command in Ft. Monroe, Va., reported a laptop computer with personal information on 4,600 scholarship applicants for the Reserve Officer Training Corps went missing Oct. 23. The command just yesterday let the House Government Reform Committee know that the notebook went missing. The committee asked all agencies to report all data breaches since Jan. 1, 2003. Agencies had until July 24 to report their information, but the committee still is receiving reports of data breaches. Paul Boyce, an Army spokesman, said the data was password protected using the Common Access Card. This means whoever allegedly stole the laptop would need the card and the user’s personal identification number to access the computer. However, the data itself was not encrypted.”

(2) The Los Angeles Times reports that:

* “The Department of Veterans Administration confirmed Thursday that a computer containing the personal data of military veterans was stolen from the agency’s Manhattan hospital. VA spokeswoman Jo Schuda said the laptop computer, used to measure pulmonary function, was stolen from a locked room in a locked hallway at the VA hospital. The theft occurred Sept. 6, but VA officials sent out a letter to veterans only within the past two weeks. The personal data of about 1,600 people was on the computer’s hard drive. It was the third theft of personal data from a VA facility in less than a year.”

(3) Federal Computer Week reports that:

* “Rep. Tom Davis (R-Va.) says agencies may be underreporting their computer thefts…. Davis said he wonders if the agencies were “lucky, good or maybe…incomplete in their reports.” “Congress and the public wouldn’t have learned about these events unless we went proactively at the information,” he said. “This history of withholding events needs to stop.” He added that he would follow-up with agencies that reported few thefts to ensure that they properly reported losses.”

Not a pretty picture.

  • http://tieguy.org/ Luis Villa

    So Adam, where is the post when private industry loses ten times that many names and socials? I’m not trying to minimize the problem when government does this, but your framing makes it sound as if this is merely a government problem- which is manifestly untrue, and has policy implications.

  • http://tieguy.org/ Luis Villa

    So Adam, where is the post when private industry loses ten times that many names and socials? I’m not trying to minimize the problem when government does this, but your framing makes it sound as if this is merely a government problem- which is manifestly untrue, and has policy implications.

  • Michele Kunze

    I flew from American Airlines on 9/9/06 from LaGuardia to ORD. I checked 2 bags. When I got home and opened the bags, where I had stored my computer laptop there was a notice saying “NOTICE OF BAGGAGE INSPECTION”. My Laptop was gone. I called TSA on 9/10 AM. I filled out a form. I heard from them Nov. 3. They are offering me $312.85. The computer cost me $1,400. The letter asks me to check one of 2 boxes: “I ACCEPT this offer” OR “I REJECT this offer completely and do not wish to negotitate a settlement. I understand that by checking this option, my administrative claim will be denied”

    Do you know of a lawsuit against TSA???

  • Michele Kunze

    I flew from American Airlines on 9/9/06 from LaGuardia to ORD. I checked 2 bags. When I got home and opened the bags, where I had stored my computer laptop there was a notice saying “NOTICE OF BAGGAGE INSPECTION”. My Laptop was gone. I called TSA on 9/10 AM. I filled out a form. I heard from them Nov. 3. They are offering me $312.85. The computer cost me $1,400. The letter asks me to check one of 2 boxes: “I ACCEPT this offer” OR “I REJECT this offer completely and do not wish to negotitate a settlement. I understand that by checking this option, my administrative claim will be denied”

    Do you know of a lawsuit against TSA???

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    Forbes Magazine, Sept. 7, 2006, ran an article: “Laptop Hall of Shame”. While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: “The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the “Lost or Stolen Laptops Hall of Shame.” And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!) (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action.

  • http://www.blogger.com/profile/14019452 Steve R.

    Forbes Magazine, Sept. 7, 2006, ran an article: “Laptop Hall of Shame”. While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: “The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the “Lost or Stolen Laptops Hall of Shame.” And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!) (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action.

Previous post:

Next post: