IRS Can't Account for Its Own Computers

The taxman taketh and the taxman giveth away. The Internal Revenue Service has put countless Americans at risk of identity theft by failing to secure taxpayers' private information on 52,000 laptop computers, according to a report (.pdf) by the IRS' inspector general. From 2003 to 2006, 490 laptops were also lost or stolen, many with unencrypted, sensitive data. And you wanted to pay your taxes this month....silly citizen.

In the report, the IRS's privacy policy comes out looking like Swiss cheese. Personal information and passwords are left lying around offices, often taped to computers. Backup storage systems are riddled with security holes. And the lassitude isn't confined to a specific branch of the IRS. It's pervasive in field offices throughout the land. Even worse, the IRS was warned sternly in 2003 about some of the same problems and did nothing about them until last year.

Here are some of the handy security guidelines the IRS tells its employees about:

"...employees are responsible for ensuring security over their laptop computers when not in their possession by storing them in a locked container or physically securing them to immovable furniture with a cable lock when not in use. When in transit, on business trips, or commuting to the workplace, employees shall secure the laptop computer in a vehicle trunk. When traveling by plane, bus, or train, employees shall retain possession of the laptop computer under the seat in front of the employee rather than in an overhead bin. Employees shall not check laptop computers with luggage at airports, leave laptop computers unattended in public places, leave laptop computers in plain view when leaving the hotel room, or leave laptop computers at home where sensitive information can be easily seen."