Commerce reports extensive notebook PC, data loss
- By Mary Mosquera
- Sep 22, 2006
Every year, thousands of temporary Census Bureau field representatives fan out around the country to gather data door-to-door and compile survey data, using notebook PCs in their work. Many of those notebooks go missing annually.
The Commerce Department reported 1,137 of its notebooks as lost, stolen or missing since 2001, with 249 of them containing personally identifiable information. The majority, or 672, were assigned to Census. Of those, 246 contained personal data, and 107 were fully encrypted.
Given the unique nature of the Census workforce and method of data collection, the bureau has had technological and procedural mechanisms in place that limit any potential breach of information.
Each notebook contained information on up to 30 households, and rarely more than 100. Field workers regularly transmitted survey data at the end of each day, and such data was fully removed from the notebooks at the end of each survey period.
Commerce disclosed the information as a result of governmentwide congressional and public inquiries. The agency said it was not aware of any data being improperly accessed or used.
The missing notebooks were part of 30,000 notebooks within Commerce's inventory over that period. The notebooks containing personal information were protected with access passwords, complex database software, systemic safeguards and/or encryption technology that limited the potential for misuse of their data.
A separate review in response to a request for information from House Government Reform chairman Tom Davis (R-Va.) regarding loss or compromise of any sensitive personal information from 2003 to the present found that there were 297 instances. These included: 217 notebooks; 15 handheld devices; 46 flash or thumb drives; and the rest involved documents or other materials.
Commerce said the high volume of lost equipment was unacceptable and regretted the loss of data but was optimistic that the vulnerability for data misuse was low.
'We have an obligation to be good stewards of public property and government data,' Commerce secretary Carlos Gutierrez in a statement.
Commerce's National Oceanic and Atmospheric Administration reported 325 missing notebooks, of which three contained personal data. NOAA currently has over 12,000 notebooks in its inventory. In one instance, a NOAA law enforcement agent's notebook with some case file information was stolen.
In July, a notebook containing dates of birth, addresses and Social Security numbers on 146 employees and contractors was reported stolen following a building fire in a NOAA facility in Seattle. NOAA contacted each of the affected people and offered credit counseling.
Other Commerce bureaus had 132 notebooks lost or stolen in the last five years. None of these contained personally identifiable information.
Among remedies to improve data security, Gutierrez plans to:
- ask the department's Inspector General to conduct an investigation
- direct an on-site senior Commerce management team review at Census
- institute inventory reforms, including the creation of one comprehensive
- database for all departmental property, raising employee accountability standards
- expand training to raise user awareness.
Gutierrez also will ensure that recent policies from the Office of Management and Budget are implemented to encrypt all department notebooks, institute two-factor authentication for remote access and notebook use, and establish a reporting process for personally identifiable information.