Tuesday, November 04, 2008

Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains

That's the title of a U.S. Government Accounting Office report on this topic. Here's the major finding (emphasis is mine):
From July through September 2007, the major agencies collectively reported that they had not yet installed encryption technology to protect sensitive information on about 70 percent of their laptop computers and handheld devices. Additionally, agencies reported uncertainty regarding the applicability of OMB’s encryption requirements for mobile devices, specifically portable media. While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities such as installing and configuring appropriate technologies in accordance with federal guidelines, developing and documenting policies and procedures for managing encryption technologies, and training users. As a result federal information may remain at increased risk of unauthorized disclosure, loss, and modification.

This doesn't make me feel very good. A personal yet related note from my privacy dealings today:

  • My son is having a crown repaired at a new dentist down here in Torrance, California.
  • Dentist wants to verify his (my) insurance so he asks for my social security number. I refuse to give it.
  • Dentist calls my insurance provider and then asks me my zip code which I do provide.
  • Dentist appears and claims that everything is good with the insurance.
Of course, my immediate question was "If all they needed was my zip code then why didn't they simply ask for it instead of my social security number? After all, it's five digits versus nine!" Frankly, I could care less if the dentist's records were compromised with my zip code. I do care if he has my social security number and they are compromised.

The moral of the stories above is we need some attitude adjustment in both the government and commercial sectors regarding privacy. I adjust my attitude pretty quickly when it comes to my continued employment so it is a good motivator. We need to do more of this around protecting private information.

Technorati Tags:
, ,

No comments: