ID theft risk sends cautionary signal
|
||
At a time when people have grown accustomed to an easy exchange of information — on the Web, through text messages and, most critically, through computerized recordkeeping — a complacency has developed around the way we treat information that ought to be held close to the vest.
Nothing shatters that complacency quite as effectively as the theft of a portable device chock-full of private data. And the latest episode in the Islands came to light this week: A laptop containing names, Social Security numbers and other data associated with nearly 1,900 licensed commercial drivers went missing from the Department of Transportation Motor Vehicle Safety Office March 18.
This is particularly distressing because such data can be used by identity thieves who then can gain access to bank accounts and other valuable assets.
Letters warning the drivers of the apparent theft went out Monday, 2 1/2 weeks after the fact. There was much to do in the interim — including confirming that the computer was gone and not simply mislaid, and determining whose information was exposed. But it's imperative that the DOT review its steps to eliminate any unnecessary delays in response time.
Going forward, the DOT is taking the right steps to change its procedures to minimize further risk. Far less personal data will be kept on laptops, and when it is needed for field work, it will be encrypted, in addition to the current password protection. Upon return to the office, the files would be transferred to the office computers, a more secure environment.
These are essential efforts, and Director Brennon Morioka has correctly identified a future goal: upgrading to systems that can relay sensitive information to the field on demand, through virtual connections, similar to what police officers use.
But the most important lesson to take away from this case is that every public and private agency ought to think carefully about how files are managed. Many government agencies confine Social Security number storage to paper records, and that should be considered here.
Databases should be reviewed to determine whether sufficient protections are in place. Hawai'i residents have a right to be concerned, and to expect that the government takes adequate precautions with their private files.