Government Gets a 'C' on Data Protection

Studies find improvement, but still a lot of holes in federal and state identity protection.
Author:
Publish date:

While the government offers plenty of tips for consumers to protect themselves from identity thieves, it hasn't been too careful with Americans' personal information itself.

One-fifth of publicly disclosed identity breaches stem from state mishaps, according to a

Consumer Reports

analysis of

a comprehensive list

of data breaches maintained by Privacy Rights Clearinghouse.

For instance, in one recent incident, the San Francisco Human Services Department carelessly discarded confidential case files in garbage and recycling bins on a curb. The files contained "blown up copies" of Social Security cards, driver's licenses, passports, bank statements and other sensitive personal information, according to the Web site.

All told, there have been more than 230 of such bungles by federal, state and local governments from 2005 through mid-June, which have exposed at least 44 million consumer records.

While the Clearinghouse list provides some startling examples of carelessness by government agencies -- as well as health care companies, retailers, banks and even a Department of Consumer Affairs -- Consumer Reports notes there are many other data breaches from state agencies that go unreported. A 2006 investigation by the House Oversight and Government Reform Committee discovered 788 breaches between January 2003 and July 2006 at 17 federal departments and agencies -- few of which were publicly disclosed.

A more recent report from the Treasury Inspector General for Tax Administration revealed 24 incidents in which IRS laptops containing 480 taxpayers' information were lost or stolen because IRS employees put them in checked baggage at an airport, left them in unlocked cars or lost them on trains or buses. Only one employee was disciplined.

The House Oversight Committee gave the government a "C" for 2007, up from a "D+" two years earlier in terms of security, with the departments of the Treasury, Veterans Affairs, Agriculture, Interior and the Nuclear Regulatory Commission, among others, receiving failing grades.

"With government data breaches, even fewer get identified because the government, unlike business, doesn't have a financial incentive to do so," says Robert Tiernan, managing editor of

Consumer Reports

. "It's very important that the government view citizens as their customers and place more value on sensitive information."

With such a poor GPA for government agencies and other outlets that store, process and receive consumer data, there's only one way to

shield yourself from identity thieves

: Monitor your bank and credit-card accounts and perform credit checks as often as possible to ensure that your information isn't being used in an unauthorized manner.