DATA ON THE LOOSE

After numerous instances of federal government agencies mishandling or losing personal information, the agencies pledged to improve their data security standards and practices. Two years later, the agencies still have much work to do. A deadline for ensuring data security could help.

The Office of Management and Budget last year directed federal agencies to implement five security protocols, including encrypting data on mobile devices that carry agency data, stricter remote access protocols for accessing government data from outside an agency and tracking downloads of sensitive information.

A recent report from the Government Accountability Office found that only two of 24 government agencies reviewed had implemented the OMB’s five data security measures. The two that had were the Treasury Department and the Department of Transportation. The Small Business Administration and the National Science Foundation had implemented none, although agency representatives say they have adopted all or part of the measures since the GAO met with them in the fall before preparing its report.

Still, “opportunities exist to bolster federal information security,” the GAO helpfully concludes.

In addition to opportunities, the agencies have a blueprint in the OMB recommendations. The OMB directive is a result of numerous data-security problems in recent years. For example, the Department of Veterans Affairs lost a hard drive containing personal information on 1.3 million physicians and patients. Previously the VA lost millions of patient files when a laptop, improperly taken to an employee’s home, was stolen. Data has also gone missing or been improperly disclosed by the Federal Trade Commission, departments of agriculture, energy and the Navy.

Despite the OMB directive and other government efforts, the GAO report warns that data security remains weak.

This prompted Sen. Susan Collins, chair of the Senate Homeland Security Committee, along with Sen. Norm Coleman, a Republican from Minnesota, to ask the 24 government agencies for a timeline for when they will meet the OMB recommendations.

This is a good step. Ensuring they meet the timelines would be a logical next one.

As the government collects more and more information about all Americans, the public must have confidence that the agencies not only know how to handle it responsibly, but that they actually will.