Agencies in Oklahoma taking steps to protect data

BY MICHAEL MCNUTT Modified: May 7, 2009 at 1:19 pm •  Published: May 7, 2009
Policies and procedures have been changed to cut the risk of personal information being compromised because of stolen or misplaced laptop computers and data storage devices, officials at three state agencies told a House committee Wednesday.

"This is a real wake-up call,” said Dennis Shockley, executive director of the Oklahoma Housing Finance Agency.

"We thought we had real good security.”

More than a million names were on a stolen state Department of Human Services laptop computer and about 225,000 names were on a stolen Housing Finance Agency laptop, both swiped in April. About 5,000 names were on a flash drive of an Oklahoma Employment Security Commission employee that was lost in March. All the information contained at least the names, Social Security numbers and birth dates of the agencies’ clients.

Shockley said his agency is looking at encryption software as well as putting the data on secure servers instead of letting employees place the information on their laptops, he said.

As a result of the lost personal information, House Speaker Chris Benge, R-Tulsa, asked Rep. John Wright, chairman of the House Administrative Rules and Agency Oversight Committee, to review state information technology policies. Wright, R-Broken Arrow, started with the agencies where the personal information was compromised.

"Three of these instances by different state agencies in a fairly short space of time does indicate the potential vulnerability in light of the number of government employees with sensitive information and should serve as a wake-up call to all of the state entities,” Wright said.


Upgrades in security urged
State agencies need to upgrade their security programs and policies on laptop computers and other devices to protect people’s personal information, a technology security expert said Wednesday. State lawmakers also brought in Dan Yost, chief technology officer for MyLaptopGPS in Stillwater, to make a pitch for legislation to create the job of chief information officer for the state. That person would be in charge of data security and would streamline computer operations and purchases.

"The first step to laptop security is assuming you’re next,” Yost said. "If you just assume you’re next, common sense does a really good job.”

Here’s a look at what Yost said:

The problem

Two state-owned laptops containing personal information of more than 1.2 million Oklahomans were reported stolen last month. A flash drive with names and Social Security numbers of about 5,000 Oklahomans was lost in March. State officials said the laptops had two layers of password protection, but Yost said they "essentially had no protection.” He said the thieves probably were after the hardware, but the data could be sold on the black market.

Expert’s suggestions

Oklahoma should do a better job of protecting the data and set policies on how much data is allowed on computers when taken out of the office, Yost said.

He suggested the state look at encrypting data on portable devices and being able to delete it remotely.

"Each agency can investigate technologies,” he said. "I would imagine vendors are coming out of the woodwork.”

Legislative answers

Two measures, House Bill 1704 and Senate Bill 980, would streamline information technology services and increase data security in state government. One bill will be submitted to lawmakers.

Both measures would create a chief information officer to direct technology purchases and security policies for all state agencies. The chief information officer would be appointed by the governor. Oklahoma is only one of four states without a centralized technology officer, said Rep. Jason Murphey. Murphey, R-Guthrie, said "a nightmare scenario” exists in the state because each agency has its own policies on computers and data.

Michael McNutt, Capitol Bureau

Trending Now


AROUND THE WEB

  1. 1
    Controversy brewing over Batman T-shirt
  2. 2
    Quadriplegic Texas Woman Defies Odds, Walks and Becomes Pregnant
  3. 3
    Woman hides camera in her bra, promotes breast cancer awareness
  4. 4
    Lawsuit: Black donor's sperm mistakenly sent to same-sex white couple
  5. 5
    It looks like a GOP wave; the question is how far it goes
+ show more