Federal agencies lag on identity theft protection, GAO reports
WASHINGTON - Nearly two years after an embarrassing flap in which veterans' personal information was put at risk of identity theft, many federal agencies still lag on efforts to prevent future lapses, investigators have found.
Most of the two dozen federal agencies examined by the Government Accountability Office, Congress's investigative arm, had not implemented five federal recommendations aimed at protecting personal information. Only two agencies - the Treasury and Transportation departments - met each of those recommendations. Two others - the Small Business Administration and the National Science Foundation - had met none of them, the GAO found.
The other 18 agencies met the recommendations to varying degrees.
The recommendations were among those issued by the White House Office of Management and Budget following the 2006 VA incident, when a computer hard drive containing millions of names, Social Security numbers, and birth dates was stolen from a VA employee's home in Maryland. The hard drive was recovered intact.
A spokesman for the Small Business Administration, Sean Rushton, said yesterday that his agency has implemented all five recommendations since the GAO did its review.
The National Science Foundation had no immediate comment on the report yesterday.
"The findings released in this report are very troubling - indicating that agency after agency has failed to make securing citizens' personal information a high priority," said Senator Norm Coleman, a Minnesota Republican, who asked for the GAO report along with Representative Susan Davis, a Democrat from California.
"The clock is ticking and we need to know when the agencies are going to have the protections in place to stop the numerous data breaches we have seen over the past few years," he said.
Coleman, the ranking Republican on the Permanent Subcommittee on Investigations, and Senator Susan M. Collins of Maine, the ranking Republican on the Homeland Security Committee, wrote to the agencies asking them how soon they'd be able to implement the recommendations.
"The federal government collects and stores large amounts of personal information that is a tempting target for identity thieves," Collins said. 