The White House this week sent a directive to government agencies to reduce their collection, storage and chances of loss or theft of personal information such as social security numbers. The memo from the Office of Management and Budget gives agencies 120 days to come up with data breach notification policies for electronic and paper documents.
The White House asked agencies to take three important steps:
--reduce the volume of collected and retained information to the minimum necessary
--limit access to only those individuals who must have such access
--use encryption, strong authentication procedures, and other security controls
For the full memo, click here (.pdf).
The last major breach happened this month at the Transportation
Security Administration where a laptop with SSNs and bank records for
100,000 TSA employees, including security guards and air marshals, disappeared. This is hardly a new problem. Sensitive personal information has vanished from scores of government offices in recent years. Los Alamos lost data. So did the DoD and the Department of
Veterans Affairs. The Justice Department has lost laptops. The USDA
left farmers twisting in the wind. FEMA got hit. The Navy, the Army, the Census Bureau, FTC, CBO, GAO, IRS, the Transportation, Education,
Commerce and State Departments have all been victimized, some of them multiple times.
You can find a comprehensive list of data breaches since 2005 at the Privacy Rights Clearinghouse here.
Photo: Katayun
