Quick update... Last week I discussed our government's ongoing lost laptop follies after the House Committee on Government Reform reported that more than 1,100 laptop computers had vanished from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers. And the Committee is still collecting information about lost computers and compromised personal information from other federal agencies, including the departments of Agriculture, Defense, Education, Energy, Health and Human Services, and Transportation, and the Federal Trade Commission.
This week, in response to these findings, Rep. Tom Davis (R-VA), the Chairman of the committee, has introduced H.R. 6163, the "Federal Agency Data Breach Protection Act." The bill would establish "policies, procedures, and standards for agencies to follow in the event of a breach of data security involving the disclosure of sensitive personal information and for which harm to an individual could reasonably be expected to result." In other words, federal agencies would have to do a better job informing the public when personal data had been lost or compromised. Of course, it might be easier if they just stopped losing so many laptops!
Incidentally, why are government agencies allowing so much sensitive personal information to be kept on laptops, anyway? It doesn't seem to make much sense to me in light of how easy it is for laptops to be taken out of a government building. Why not follow these two simple rules instead: (1) Keep the really sensitive stuff on desktop computers that are bolted to desks and make sure they don't have any external inputs for personal storage devices. (2) If a government employee still finds a way to take that information home and then loses it, fire them immediately (and perhaps consider other penalties). After all, we're talking about personal information about American citizens here. This stuff should not be taken lightly.