Personal data at risk in lost IRS laptops

USA Today reports:

At least 490 IRS computers have been stolen or lost since 2003 in security breaches that potentially jeopardized the personal information of more than 2,000 taxpayers, a government audit reported Wednesday.

The computers were lost in 387 incidents, most of which were not reported to the IRS computer security office as required, according to the report by the Treasury Inspector General for Tax Administration.

The audit also found that IRS laptops lacked adequate password controls and encryption software that would protect taxpayer information and other data.

"This is a serious concern," said Inspector General J. Russell George, whose findings quantified one of several recent computer security breaches involving federal agencies. "The American public relies on the IRS to protect the personal information they provide."

IRS Commissioner Mark Everson said the agency was unaware of any identity thefts stemming from the loss of the laptops. The IRS has "moved aggressively" since last summer to strengthen protection of taxpayer data, he said.

The audit focused on computer security incidents from January 2003 to June 2006 involving IRS personnel authorized to take electronic files outside their offices. Some of the incidents were previously made public in media or government reports. The IRS has assigned more than 52,000 laptops to its workers.

While acknowledging that the IRS can't completely avoid computer thefts or losses, auditors found that many of the laptops had been stolen from vehicles, homes or other locations where the units had been left unattended or not locked up.

Personal data on at least 2,359 individuals were lost in the incidents, auditors found. Based on an examination that showed other IRS computers had unencrypted taxpayer and employee data, plus inadequate password protection, auditors reported it's "likely that a large number of the lost or stolen IRS computers could be accessed by unauthorized individuals."

IRS rules require employees to report lost or stolen computers to the agency's computer security office and the inspector general. Auditors determined that 76% of the incidents were not reported to IRS security personnel, who "could have helped negate the risk to taxpayers."

If we get "universal health care" you can forget about privacy.Handing more and more tasks over to the government is an open invitation to identity theft,something the big government advocates never get bothered by.