OKLAHOMA EDITORIAL ON INSECURITY: DATA PROTECTION REVIEW NEEDED http://www6.lexisnexis.com/publisher/EndUser?Action=UserDisplayFullDocument&orgId=563&topicId=13712&docId=l:534064264


The Daily Oklahoman

Nov. 20--TECHNOLOGY is a wonderful thing until someone uses it to access confidential information, screw up your credit or for some other untoward purpose. Recent high-profile laptop computer and data thefts nationally and in Oklahoma have made obvious the need for public entities to take greater care with sensitive personal information.

The most well-known laptop theft came in May when a U.S. Department of Veterans Affairs employee brought home the Social Security data and birth date information of 26.5 million veterans. The laptop was recovered about a month later, and officials believe none of the personal information was accessed.

Earlier this month in Oklahoma, the Veterans Affairs Hospital in Muskogee disclosed that three computer disks with more than 1,400 veterans' Social Security numbers and billing information disappeared after they never arrived via mail to a clinic in McAlester. In that case, the veterans weren't notified until more than two months after the disappearance.

Last week, Connors State College said a laptop containing confidential information about students involved in the Oklahoma Higher Learning Access Program had been stolen in mid-October and recovered about three weeks later. Police arrested a Connors student in connection with the theft and accused him of selling the machine to relatives.

Officials with the Oklahoma State Regents for Higher Education said they are working with institutions to make sure student data is better secured. The data in question had been downloaded from a password-protected site and stored on the laptop.

In each of these cases, there was no apparent attempt to access the private data. So how easy would it be for someone unlawfully seeking the data to get ahold of it? Every state and local agency with such information should view these recent cases as a warning about the security -- or insecurity -- of personal data and review technology security procedures.