Census Bureau Discovers Computers and Personal Data Missing

Census Bureau Discovers Computers and Personal Data Missing

Last May, a disc containing the personal data of millions of veterans had been stolen in a random burglary of an employee of the Department of Veterans' Affairs. Apparently, the employee had taken the disc home, although he was not authorized to do so. The Committee on Veterans' Affairs, on which I serve, held five hearings on VA IT Security last June. The incident demonstrates a complete breakdown in the VA's information management.

Fortunately, the disc and data was recovered. FBI analysts do not believe the data was accessed, reducing the concerns that any of the personal information was improperly retrieved. The VA has provided veterans with free credit monitoring to ensure their peace of mind. Further, before breaking for the election, the House passed, and I supported, the Veterans Identity and Credit Security Act (H.R. 5835). The bill strengthens the Federal Information Security Management Act by giving Chief Information Officers additional enforcement authority over IT containing personal data.

The VA data incident prompted Rep. Tom Davis (R-VA), Chairman of the House Government Reform Committee, which is also one of the committees I served on, to request information on the computer and data security of all federal Cabinet agencies. He also requested the information from the Social Security Administration and the Office of Personnel Management.

The first agency to respond was the Commerce Department. Secretary Carlos Gutierrez, informed Chairman Davis that 1137 laptop computers had been lost misplaced or stolen since 2001. The Commerce Department is also missing 46 thumb drives, and 16 handheld computers. Of the missing laptops, 672 were from the Census Bureau. Most concerning is that of those 246 contained personally identifiable information.

It will fall under the jurisdiction of the Subcommittee on Federalism and the Census, of which I am Chairman, to investigate the computers missing from the Census Bureau. During prior hearings of my Subcommittee specifically regarding the role of technology in keeping census costs low and accuracy high, we were given no indication about any problems concerning missing laptops or personal data.

This demonstrates an absolutely unacceptable level of negligence within the Census Bureau. It appears that the agency charged with accurately counting and reporting the number of Americans has demonstrated that it cannot accurately account for even the laptops it is responsible for maintaining. Census demographic information is used for thousands of purposes, including apportionment of the House Representatives among the States (which determines how many votes in Congress each state has), and the allocation of federal grant dollars to local communities. It is astounding to consider that since 2001, the Census Bureau has lost laptops at the average rate of more than one every three days. Incredibly, in over five years nobody seemed to have noticed. Had Government Reform Committee Chairman Davis not requested this information, it might have continued indefinitely.

I take any breaches of personal information entrusted to the Census Bureau very seriously. Therefore, on behalf of the Subcommittee on Federalism and the Census, I have sent a letter to the director of the U.S. Census Bureau, Charles Kincannon, requesting the following information:

The exact number of missing laptop computers, thumb drives, handheld devices and computer data discs from January 2001 to present.

Of each missing device, the date they became missing, their last known geographic location, and which ones were encrypted.

An itemization of what information may have been on each device.

The Census Bureau's policy for protecting laptops, thumb drives, handheld computers and data discs from January 2001 through the present.

A comprehensive list identifying what steps the Census Bureau is taking to recover all missing laptops, thumb drives, handheld devices, and data discs.

I have requested these materials from the Census Bureau no later than October 12, 2006. The Subcommittee on Federalism and the Census will hold hearings to determine how this could have happened and what steps are necessary to prevent it from happening again. With the critical decennial census just over three years away, it is essential that the American people have faith that their personal data is secure when they give it to the Census Bureau. We also must have confidence in the Census Bureau's ability to create accurate data. The Subcommittee will move quickly to correct whatever issues created this situation so Americans can have confidence in the Census Bureau and in the data it produces in the 2010 census.

http://www.house.gov/miketurner/news/columns/9.29.06.shtml