RealTime IT News

Where Have All The Laptops Gone?

More than 1,100 laptops are missing from the Department of Commerce with 249 of them containing personally identifiable information.

The agency issued the numbers Friday morning based on an inventory review from 2001 to the present. The review was prompted by public and congressional inquiries following a summer of embarrassing data breaches by the U.S. government.

Of the 15 operating units under the control of the agency, 1,137 of 30,000 laptops are lost, stolen or missing.

The Census Bureau led the list with 672 missing laptops, of which 246 contained some degree of personal data.

Commerce Secretary Carlos M. Gutierrez was quick to downplay the identity theft threat.

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," he said in a statement.

Gutierrez said access passwords, complex database software, system safeguards and/or encryption technology limits the potential for misuse of data on the laptops.

"The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low," Gutierrez said.

"While we know of no instances of personal information being improperly used, we regret each instance of lost material and believe the volume of lost equipment is unacceptable."

In a separate review requested by U.S. Rep. Tom Davis, chairman of the House Government Reform Committee, the agency found 297 instances since 2003 of the loss or compromise of personal information.

Those came from 217 laptops, 15 handheld devices and 46 thumb drives with the balance involving documents or other materials.

Davis sent letters in July to the heads of all cabinet agencies, as well as the Office of Personnel Management and the Social Security Administration, seeking detailed information on any "loss or compromise of sensitive personal information held by the federal government" since Jan. 1, 2003.

The Department of Commerce was the first to reply.

"Perhaps the most shocking thing here is that the public might not have ever known of these breaches, and their scope, if we hadn't specifically asked for the information," Davis said in a statement.

"Why aren't these inventories taken automatically, instinctively?

The Census Bureau said it deploys thousands of field representatives every year armed with laptops to compile survey data.

The Bureau said because of the unique nature of the workforce, procedural mechanisms are in place to limit data breaches.

According to the Department of Commerce, each laptop is password-protected and contains information on an estimated 20 to 30 households, and rarely more than 100.

In addition to the laptops, the Census Bureau is evaluating the use of handheld devices to record survey data in preparation for the 2010 Census.

All of the handheld devices require an initial password to operate the device.

In addition, the handhelds require a second password, only available to employees at the Census Bureau headquarters, to access the data.

Of the approximately 2,400 in use since 2004, the Bureau reported 15 with personally identifiable information have been lost, stolen or are missing.

"Unlike the laptops, it is possible for us to determine the potentially affected households, and we are in the process of contacting those 558 households even though the risk of misuse of data is extremely low," the agency said in a statement.

The National Oceanic and Atmospheric Administration (NOAA) followed the Census Bureau with 325 missing laptops, three of which contained personal data.

"This review process has clearly pointed out the flaws in the department's inventory and accountability efforts going back many years," Gutierrez said.

"We are viewing this process with the spirit of actively rooting out the problems and addressing them immediately."