More than 1,100 laptops are missing from the Department of Commerce with 249
of them containing personally identifiable information.
The agency issued the numbers Friday morning based on an inventory review
from 2001 to the present. The review was prompted by public and
congressional inquiries following a summer of embarrassing data breaches by
the U.S. government.
Of the 15 operating units under the control of the agency, 1,137 of 30,000 laptops are lost, stolen or missing.
The Census Bureau led the list with 672 missing laptops, of which 246
contained some degree of personal data.
Commerce Secretary Carlos M. Gutierrez was quick to downplay the identity
theft threat.
“All of the equipment that was lost or stolen contained protections to
prevent a breach of personal information,” he said in a statement.
Gutierrez said access passwords, complex database software, system
safeguards and/or encryption technology limits the potential for misuse of
data on the laptops.
“The amount of missing computers is high, but fortunately, the vulnerability
for data misuse is low,” Gutierrez said.
“While we know of no instances of
personal information being improperly used, we regret each instance of lost
material and believe the volume of lost equipment is unacceptable.”
In a separate review requested by U.S. Rep. Tom Davis, chairman of the House
Government Reform Committee, the agency found 297 instances since 2003 of
the loss or compromise of personal information.
Those came from 217 laptops, 15 handheld devices and 46 thumb drives with
the balance involving documents or other materials.
Davis sent letters in July to the heads of all cabinet agencies, as well as
the Office of Personnel Management and the Social Security Administration,
seeking detailed information on any “loss or compromise of sensitive
personal information held by the federal government” since Jan. 1, 2003.
The Department of Commerce was the first to reply.
“Perhaps the most shocking thing here is that the public might not have ever
known of these breaches, and their scope, if we hadn’t specifically asked
for the information,” Davis said in a statement.
“Why aren’t these
inventories taken automatically, instinctively?
The Census Bureau said it deploys thousands of field representatives every
year armed with laptops to compile survey data.
The Bureau said because of
the unique nature of the workforce, procedural mechanisms are in place to
limit data breaches.
According to the Department of Commerce, each laptop is password-protected
and contains information on an estimated 20 to 30 households, and rarely more
than 100.
In addition to the laptops, the Census Bureau is evaluating the use of
handheld devices to record survey data in preparation for the 2010 Census.
All of the handheld devices require an initial password to operate the
device.
In addition, the handhelds require a second password, only available to
employees at the Census Bureau headquarters, to access the data.
Of the approximately 2,400 in use since 2004, the Bureau reported 15 with
personally identifiable information have been lost, stolen or are missing.
“Unlike the laptops, it is possible for us to determine the potentially
affected households, and we are in the process of contacting those 558
households even though the risk of misuse of data is extremely low,” the
agency said in a statement.
The National Oceanic and Atmospheric Administration (NOAA) followed the
Census Bureau with 325 missing laptops, three of which contained personal
data.
“This review process has clearly pointed out the flaws in the department’s
inventory and accountability efforts going back many years,” Gutierrez said.
“We are viewing this process with the spirit of actively rooting out the
problems and addressing them immediately.”