Column: Government needs to safeguard personal info
Published 12:00 am Wednesday, March 5, 2008
By Norm Coleman, Gust Column
Like so many of you, I was extremely concerned when a laptop containing electronic data with the names, birth dates and Social Security numbers of up to 26.5 million veterans was stolen from the home of a Veterans Affairs employee in 2006. That concern turned to outrage when it was revealed their personal information was severely compromised because there were no standards being followed by government agencies to safeguard against access to this information.
The VA breach raised some serious questions that needed to be answered: What exactly is the federal government doing to protect Americans&8217; personal information? What is the extent of the vulnerabilities in information security access across the federal government? I set out to find the answers to these questions in my capacity as chairman of the Permanent Subcommittee on Investigations following the VA data breach, specifically requesting a governmentwide review of current cyber security policies and practices.
After months of investigation, the Government Accountability Office recently issued their report, revealing that most of the 24 federal government agencies have not implemented the Office of Management and Budget cyber security recommendations that were issued immediately following the VA breach. In other words, Americans&8217; personal data remains at risk.
The new cyber security protocols are essential for preventing identity theft. For example, to protect sensitive agency data that is transmitted on mobile computers and devices, the rules call for the agencies to encrypt all data transmitted on devices, allow only one user to have access to devices at a time, install a &8220;time-out&8221; after 30 minutes of inactivity on devices and erase data from databases that hold sensitive information after 90 days. Additionally, agencies will be required to employ a security checklist that provides specific actions to be taken to protect private identifiable information that is either remotely accessed or physically transported outside an agency&8217;s secure connection.
In response to the disappointing report on the agencies&8217; performance, Sen. Susan Collins, a Republican from Maine and the top Republican on the Senate&8217;s Homeland Security Committee, and I recently sent a letter to each federal agency head requesting a timeline as to when they will meet the recommendations.
Cyber identity theft is a dangerous problem that affects 10 million Americans each year &8212; one that can hamper an individual&8217;s ability to buy a home, obtain a credit card and get a job. It is affecting more and more people each year and the federal government should be out in front of trying to find a solution to this problem, not maintaining policies that will exacerbate the problem.
The clock is ticking and we need to know when the agencies are going to have the protections in place to stop the numerous data breaches we have seen over the past few years. Our citizens deserve nothing less. The sooner the federal government acts, the sooner Americans will be protected from the damaging consequences these breaches can have on their personal lives.
Norm Coleman, a Republican from St. Paul, is a U.S. senator for Minnesota.