For Immediate Release:
Wednesday, July 12, 2006

The theft of more than 26 million Americans’ personal information from a government laptop in May is the most egregious example so far of a problem that has become too common.  Medical records, Social Security numbers, fingerprints, payroll information and other personal data has been compromised by government agencies at least a dozen times in the past four months.

 

The vulnerability of government data – and the urgent need to address the problem – became clear when news broke that the names, Social Security numbers and birthdates of 26.5 million veterans and active-duty military personnel had been stolen from the home of a Department of Veterans Affairs employee. 

 

Almost as disturbing as the theft itself was the way the situation was handled from the start.  Though the burglary occurred on May 3, it took three weeks for news of the breach to work its way through the agency and eventually to the public.  It took another month for the VA to offer assistance to the affected individuals.

 

Millions of Americans are required to provide personal information to government agencies in order to qualify for student loans, disaster assistance, Medicare and most other government programs.  Not to mention the 135 million highly-detailed tax returns filed every year with the IRS.  Government has an obligation to protect this sensitive information and provide Americans with peace of mind, knowing information submitted to government agencies is secure.

 

Government should be leading by example when it comes to data security.  Tight procedures are already in place for protecting classified information.  That model should be followed when it comes to protecting personal data.  For starters, there is no reason such information should be in the home of a federal employee.

 

When data is compromised, we have to take every measure to protect the victims of the government’s error.  I am a cosponsor of H.R. 5588, the Comprehensive Veterans Data Protection and Identity Theft Protection Act of 2006.  It requires the VA to provide free credit monitoring to those affected by the recent data theft.  It also gives the agency 90 days to implement more stringent data security procedures.

 

Federal agencies and private organizations alike are already required to protect certain types of sensitive information.  But the patchwork of federal laws that establish data security standards – many of which were passed decades ago – are not keeping pace with our needs as computers continue to change the way we live and work.  The enforcement of these laws is often left to the agencies themselves until a complaint is filed.

 

It is clear that allowing officials at individual agencies to set their own data security policies is not keeping data secure.  Congress must set a standard to be applied to all federal agencies and then ensure that standard is being followed.

 

If you suspect you have been a victim of identity theft you should first file a police report.  You should also contact the Federal Trade Commission at 877-438-4338 or online at www.consumer.gov/idtheft.

 

####

 

Rep. Dan Boren (D-Muskogee) represents Oklahoma’s Second Congressional District.