Thursday, May 10, 2007

US CAN'T ANYONE IN WASHINGTON KEEP PRIVATE DATA PRIVATE? - Opinion - USATODAY.com

Our view on information security: Can't anyone in Washington keep private data private?

As agency foul-ups multiply, it’s time for some accountability.

If there's a way that personal data entrusted to the government can be lost, stolen, breached or otherwise compromised, you can bet federal agencies will find it. In fact, they probably already have, judging by the welter of high-profile embarrassments in the past year:

* A laptop containing personal data on 26.5 million veterans was stolen from the home of a Department of Veterans Affairs employee last May. (It was recovered a month later.)

* Nearly 500 IRS computers, many containing sensitive taxpayer data, were lost or stolen from workers' cars, homes and offices over 3 1/2 years, starting in January 2003.

* The Agriculture Department posted on a public website Social Security numbers of about 38,700 people who had gotten USDA loans or other aid.

* The Transportation Security Administration — the folks who secure the nation's air travel system — couldn't secure a portable hard drive holding personal and banking records on 100,000 former and current workers, including air marshals, who work undercover. The drive disappeared from TSA offices last week.

The list goes on and on, with federal agencies seemingly incapable of learning from past fiascos and exposing ever more people to privacy invasion and identity theft.

Last month, Congress' Government Accountability Office reported that 21 of 24 major agencies had "significant weaknesses" in information security controls, putting data at risk. At many, even basic barriers to keep intruders out were wanting: 18 agencies had weak access controls, such as passwords and encryption.

Seven Cabinet-level agencies — including the Defense Department and Treasury Department (home to the IRS) — got failing grades on a report card on data security issued by Rep. Tom Davis, R-Va., of the House Oversight and Government Reform Committee. That's appalling, considering the kinds of data those agencies hold.

Some agencies even fail to learn from their own experience. Despite last year's laptop debacle at Veterans Affairs, a VA portable hard drive with billing data for 1.3 million doctors and personal information on a half million veterans disappeared from a facility in Birmingham, Ala., in January. Some of the data were not encrypted.

The Office of Management and Budget, which oversees computer security throughout the agencies, says it has tackled the problem with stricter controls and more training. But there's not much evidence of success.

What's missing is accountability, which makes the solution seem fairly straightforward. Agency heads need to make it their mission to see that the records they administer are secure, and there should be consequences if they fail.

The Bush administration clearly is not giving the problem that kind of priority, and if it doesn't, you can bet on this: Advancing computerization will inevitably make the problem worse. Disappearing hard drives, lost computers and personal data popping up on the Web are just the early signs of much bigger trouble ahead.
