How many laptops has the Commerce Department lost? One thousand, one hundred, the agency revealed today - including 250 from the Census Bureau. Those contained personal information like names, incomes and Social Security numbers. The revelations comes only because the House Committee on Government Reform requested that agencies take inventories of their computer holdings in the light of the VA's infamous laptop loss.
The Washington Post reports that the Committee has asked 17 departments to give an accounting.
Of the 10 departments that have responded, the losses at Commerce are "by far the most egregious," said David Marin, staff director for the committee. He added that the silence of the remaining seven departments could reflect their reluctance to reveal problems of similar magnitude.
About 6,200 households may have had their information compromised by the losses, Commerce Secretary Carlos Gutierrez said.
Sen Tom Davis (R-Va) issued a statement today:
Perhaps the most shocking thing here is that the public might not have ever known of these breaches, and their scope, if we hadn't specifically asked for the information. "Why aren't these inventories taken automatically, instinctively? The reality is, we are incapable of storing, moving and accessing information. No government does these things well, especially big governments. We spend tens of billions of dollars a year on information technology. You'd think we could share information by now. But we are still an analog government in a digital economy and culture. ... The American people deserve better from their government.
To that end, Davis has introduced the Federal Agency Data Breach Notification Act, he said.
[F]ederal agencies hold massive amounts of sensitive personal information on every person in the US, including health records, tax returns, and military records. There is no policy, procedure, or standard for notifying citizens when sensitive personal information held by a federal agency is compromised.
"In light of the VA breach and the subsequent delay in public notification, as well as a number of other incidents involving federal agencies, a strong government-wide policy is required. My bill would require OMB to establish policies, procedures, and standards for agencies to follow in the event of a data breach. Given these recent disclosures, I intend to revisit that bill and augment it as necessary. If we re going to ask and sometimes demand information from the public, we owe them a better way of knowing when that information goes missing.