IRS laptop with employee data lost

291 unencrypted names and SSNs have gone missing when laptop was checked as luggage on a plane. IRS apparently has no requirement that employee data be encrypted.
Written by ZDNet UK, Contributor

On the same day that Congress was taking testimony from VA Secretary Jim Nicholson about the loss of a laptop with 26.5 million veterans' personal information, the IRS announced that an employee has lost a laptop with a much smaller amount of information, the Washington Post reports. The laptop contained sensitive personal information on 291 workers and job applicants.

The IRS's Terry L. Lemons said the employee checked the laptop as luggage aboard a commercial flight while traveling to a job fair and never saw it again. The computer contained unencrypted names, birth dates, Social Security numbers and fingerprints of the employees and applicants, Lemons said. Slightly more than 100 of the people affected were IRS employees, he said. No tax return information was in the laptop, he said.

"The data was not encrypted, but it was protected by a double-password system," Lemons said. "To get in to this personal data on there, you would have to have two separate passwords."

Why wasn't it encrypted? Tax return information being carried into the field is always encrypted, Lemons said. But it doesn't appear that there is a similar policy for employee data. Lemons only said, "Typically it's our policy to encrypt any sensitive information."

IRS employees are worried.

Colleen M. Kelley, president of the National Treasury Employees Union, said IRS employees are worried. "The first thing that comes to mind is identity theft and why care and caution wasn't taken to encrypt their data," she said.

Kelley said she is pressing the IRS to give employee data the same care and protection as taxpayer information. "They are taking this seriously and I would expect to see some changes in policy and procedures in the future," she said.

Editorial standards