Experts: Reforms Could Limit Data Theft
State lawmakers and technology security experts today said reforms advancing in the Legislature will increase protection of citizens’ private data and reduce its theft from government computers.
“Because Oklahoma government continues to use an outdated information technology system that is spread across dozens of agencies, it is impossible to hold one person responsible for the data losses,” said Rep. Jason Murphey, R-Guthrie.
“The enactment of House Bill 1704 or Senate Bill 980 could not only save millions of dollars in leveraged IT purchases, but would put someone in charge of securing important data.”
In recent months, several state computers containing citizens’ private information were either lost or stolen, including a flash drive from the Oklahoma Employment Security Commission and laptops from the Department of Human Services and the Oklahoma Housing Finance Agency.
Two bills introduced this session would streamline information technology services and increase data security in state government: House Bill 1704, by Rep. David Derby, and Senate Bill 980, by Senate President Pro Tem Glenn Coffee and Murphey. Both measures would create a Chief Information Officer for state government, who would direct technology purchases and security policies for all state agencies.
Oklahoma is only one of four states in the country without a centralized technology officer.
Dan Yost, chief technology officer for Stillwater-based computer security firm MyLaptopGPS, said the legislation is a step in the right direction.
“When agency policies are not consistent, it generates more loose ends throughout the system – and it only takes one loose end to breach 1 million Oklahomans’ private information, as we have already seen,” Yost said. “Giving one person oversight of the system is a good way to increase accountability and better secure data throughout all of state government. If nobody’s in charge, you’ve really got a problem.”
According to a recent report by the Ponemon Institute, the average cost of a stolen laptop is roughly $50,000 per computer. Other studies suggest the cost may be greater – a 2002 CSI/FBI Computer Crime and Security Survey put the cost at $89,000 per laptop and the 2003 ACCSS said the average value of data on a laptop is $250,000.
“Even the $50,000 ‘best case’ scenario is very bad,” Yost said. “Oklahoma government had to spend $200,000 in mailing costs just for notification letters after the theft of only two laptops. More costs for those incidents will likely be forthcoming.”
Yost noted that another laptop is stolen every 12 seconds, at least 2.6 million per year. A 2006 survey by The Ponemon Institute showed that 80 percent of government agencies surveyed reported losing data via laptop theft in last 12 months.
“Because Oklahoma government continues to use an outdated information technology system that is spread across dozens of agencies, it is impossible to hold one person responsible for the data losses,” said Rep. Jason Murphey, R-Guthrie.
“The enactment of House Bill 1704 or Senate Bill 980 could not only save millions of dollars in leveraged IT purchases, but would put someone in charge of securing important data.”
In recent months, several state computers containing citizens’ private information were either lost or stolen, including a flash drive from the Oklahoma Employment Security Commission and laptops from the Department of Human Services and the Oklahoma Housing Finance Agency.
Two bills introduced this session would streamline information technology services and increase data security in state government: House Bill 1704, by Rep. David Derby, and Senate Bill 980, by Senate President Pro Tem Glenn Coffee and Murphey. Both measures would create a Chief Information Officer for state government, who would direct technology purchases and security policies for all state agencies.
Oklahoma is only one of four states in the country without a centralized technology officer.
Dan Yost, chief technology officer for Stillwater-based computer security firm MyLaptopGPS, said the legislation is a step in the right direction.
“When agency policies are not consistent, it generates more loose ends throughout the system – and it only takes one loose end to breach 1 million Oklahomans’ private information, as we have already seen,” Yost said. “Giving one person oversight of the system is a good way to increase accountability and better secure data throughout all of state government. If nobody’s in charge, you’ve really got a problem.”
According to a recent report by the Ponemon Institute, the average cost of a stolen laptop is roughly $50,000 per computer. Other studies suggest the cost may be greater – a 2002 CSI/FBI Computer Crime and Security Survey put the cost at $89,000 per laptop and the 2003 ACCSS said the average value of data on a laptop is $250,000.
“Even the $50,000 ‘best case’ scenario is very bad,” Yost said. “Oklahoma government had to spend $200,000 in mailing costs just for notification letters after the theft of only two laptops. More costs for those incidents will likely be forthcoming.”
Yost noted that another laptop is stolen every 12 seconds, at least 2.6 million per year. A 2006 survey by The Ponemon Institute showed that 80 percent of government agencies surveyed reported losing data via laptop theft in last 12 months.
Labels: Dan Yost, David Derby, Glenn Coffee, Identity Theft, Jason Murphey, Private Data Security
posted by Mike McCarville @ 10:40 AM
<< Home