From July through September 2007, the major agencies collectively reported that they had not yet installed encryption technology to protect sensitive information on about 70 percent of their laptop computers and handheld devices. Additionally, agencies reported uncertainty regarding the applicability of OMB’s encryption requirements for mobile devices, specifically portable media. While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities such as installing and configuring appropriate technologies in accordance with federal guidelines, developing and documenting policies and procedures for managing encryption technologies, and training users. As a result federal information may remain at increased risk of unauthorized disclosure, loss, and modification.
This doesn't make me feel very good. A personal yet related note from my privacy dealings today:
- My son is having a crown repaired at a new dentist down here in Torrance, California.
- Dentist wants to verify his (my) insurance so he asks for my social security number. I refuse to give it.
- Dentist calls my insurance provider and then asks me my zip code which I do provide.
- Dentist appears and claims that everything is good with the insurance.
The moral of the stories above is we need some attitude adjustment in both the government and commercial sectors regarding privacy. I adjust my attitude pretty quickly when it comes to my continued employment so it is a good motivator. We need to do more of this around protecting private information.
identity management, privacy, security