Lost Laptop Follies, Part 5

by on May 7, 2007 · 6 comments

Previous installments (1, 2, 3 & 4) in this series have documented how our government seems to have a difficult time keeping tabs on laptops and personal information. The latest on this front comes from the Transportation Security Administration (TSA). Last week, the TSA informed us that a computer hard drive containing the personal, payroll and bank information of 100,000 current and former TSA workers has apparently gone missing and is assumed stolen. The FBI and the Secret Service have apparently opened a criminal investigation into the matter.

I was about to launch into another rant on this front, but then I picked up this morning’s Washington Post and their editorial on this issue really nails it:

This is getting ridiculous. When it comes to safeguarding private information from the growing identity theft industry, Uncle Sam’s track record is horrendous.

Up until the TSA’s major breach, the Census Bureau, the Agriculture Department and the Federal Emergency Management Agency were the latest agencies to blunder by revealing Social Security numbers. Tooling around on an Internet site maintained by the Census Bureau, a bored Illinois farmer did a search of her farm’s name and found references to a loan application she filed with the USDA. There for all the world to see was her Social Security number. A review by the USDA found that the numbers of 38,700 farmers had been exposed on the site. Over at FEMA, the fumble was printing Social Security numbers on the outside address labels for 2,300 agency personnel who were being reappointed as disaster assistance employees. To its credit, FEMA moved quickly to correct the problem, apologize to the individuals affected and offer them credit-monitoring protection.

The TSA also has apologized to its employees and offered them credit-monitoring protection. But because this is the TSA — the agency that employs airport screeners and air marshals — this is not your run-of-the-mill identity theft worry. There are security issues here, which is why the TSA was right to call in the FBI and the Secret Service to investigate. This episode reminds us of last year’s theft of the Department of Veterans Affairs laptop with information on 26.5 million people nestled in it. It was later returned with the information untouched. We can only hope for a similar outcome at the TSA.

I’d like to believe that someone will be held accountable for this, but I’m sure nothing much will change. When private sector data breeches occur–and they certainly do–lawsuits start flying and heads roll. By contrast, when the government loses personal information–information that his usually more sensitive than that which private actors collect–about the most that ever comes out of it is another GAO report calling for “more accountability.”

  • http://www.identitydefense.blogspot.com Michael Durnack

    GAO-07-657 issued last month was titled “Privacy – Lessons Learned About Data Breach Notification”

    Maybe they lacked on distribution.

    This comes out on the heels of the President’s Identity Theft Task Force Report that outlined steps the gov’t wants to take to curtail identity theft.

    Shouldn’t they stop adding to the problem, before trying to offer solutions?

  • http://www.identitydefense.blogspot.com Michael Durnack

    GAO-07-657 issued last month was titled “Privacy – Lessons Learned About Data Breach Notification”

    Maybe they lacked on distribution.

    This comes out on the heels of the President’s Identity Theft Task Force Report that outlined steps the gov’t wants to take to curtail identity theft.

    Shouldn’t they stop adding to the problem, before trying to offer solutions?

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    To “steal” from Fox news, can we be “fair and balanced”. The loss of sensitive data is not solely a government problem. Corporations also have a long way to go in protecting data. Corporate data security lapses also deserve exposure. Maybe you could alternate your articles between corporate and government security lapses. :)

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    To bad I didn’t see this earlier at TechDirt for my post above. Depths Of TJX’s Incompetence Continues To Astound.

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    To “steal” from Fox news, can we be “fair and balanced”. The loss of sensitive data is not solely a government problem. Corporations also have a long way to go in protecting data. Corporate data security lapses also deserve exposure. Maybe you could alternate your articles between corporate and government security lapses. :)

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    To bad I didn’t see this earlier at TechDirt for my post above. Depths Of TJX’s Incompetence Continues To Astound.

Previous post:

Next post: