Network Computingwww.networkcomputing.com

How To Protect Against Data Thieves

Posted by Jennifer Maselli
September 01, 2005

Tags: ChoicePoint Inc., Department of Motor Vehicles, Government Accountability Office, IRS, Internal Revenue Service, Office of Privacy Protection, Privacy Rights Clearinghouse, Security Breach Information Act, XML Security Gateway, data security break-ins, data storage security policies, encryption , information security weaknesses, notification of security breaches, personal data protection, personal data security breach, personal identity exposure, personal identity theft, security best practices, security breach notification laws, security breaches, security policies, security review, system breaches, Administration, Business/Finance/Careers, Client/Server Protection, Data Networking & Management, Data Protection, Data Security, E-discovery, Government data/Web sites, Government/Legal/Regulatory, Governmental Security Issues, Intrusion Detection and Prevention, Network Security, Other, Regulatory and New Legislation, Security Hardware, Security Policies and Management, Security and Privacy, Software, Software and Hardware Vulnerabilities, Technology and Best Practices, Vulnerability Assessment and Management, data security

Channel: Other, Networking & Mgmt, Data Protection, E-discovery

More than 50 million personal identities were reported exposed or compromised in the last six months, mostly from theft, system breaches, and loss during transport. Most of the exposure has been at businesses and universities. But that doesn't mean that government entities haven't had similar incidents and aren't also vulnerable.

Government agencies have reported only a smattering of security breaches involving personal data perhaps because, until recently, few laws existed compelling them to go public. But problems are lurking. The Internal Revenue Service, with one of the most extensive collections of personal data, in June ordered a security review of a five-year, $20 million contract it has with ChoicePoint Inc., the data aggregator that allowed criminals to access data on 145,000 people. Earlier this year, in April, the Government Accountability Office found the IRS had 39 new information-security weaknesses, in addition to 21 previously identified and uncorrected problems. The Department of Homeland Security came under fire in July when the GAO said its systems don't meet federal information-security standards.

The problems aren't limited to federal agencies. In March, thieves broke into the Department of Motor Vehicles office in Donovan, Nev., and stole the system used to create drivers' licenses and IDs. They took a camera, printer, and hard drive containing personal information on 8,738 people, including signatures and Social Security numbers, as well as supplies to make licenses. In April, Georgia's Department of Motor Vehicles had an employee steal personal data on "hundreds of thousands" of people, according to the Privacy Rights Clearinghouse, a nonprofit consumer-advocacy group that has maintained a list of security lapses since the ChoicePoint incident was revealed in February.

A system that tracks child-support cases will have data protection built in at a "very granular level," California CIO Kelso says.

While the public sector hasn't had a major headline-grabbing attack, that's no guarantee of the future security of constituent and employee personal data. "All we need is one major breach to cause citizens to wonder about the rest of the data the government has," says Lester Nakamura, administrator of Hawaii's Information and Communication Services Division and chairman of the National Association of State CIOs' privacy committee.

"We're all subjected to the same basic set of risks," says J. Clark Kelso, CIO of California. "When I read about the recent attacks, I don't put too much stock in the fact that [the state government] hasn't had a serious breach in three years. Eventually, our number will come up."

Related Reading

---

More Insights

---