Digital Incompetence

Tuesday, May 23, 2006

IT'S NOT as though identity theft is a new worry. Last year companies such as Time Warner Inc. and Citigroup Inc. were in the news for losing computer tapes with sensitive personal information. The Bush administration has created something called the President's Identity Theft Task Force. Virtually every discussion of this subject makes a basic point: Although some data theft is inevitable in a digital society, institutions that collect people's names, birthdays and Social Security numbers must at least try to avoid losing them. Don't ship unencrypted computer tapes by UPS and then say you're sorry if the parcel goes astray. Don't let employees take sensitive files home, where they may be lost or stolen.

This may sound obvious, but it apparently must be said again in the wake of the news from the Department of Veterans Affairs. Yesterday the department's boss, R. James Nicholson, announced that every living veteran is at risk of identity theft after an employee took a data file containing names, birthdays and Social Security numbers home, where it was stolen. Mr. Nicholson says that the employee was not authorized to take this information home, but his department clearly failed to do enough to enforce its own guidelines. It now promises to restrict access to sensitive data to those who need it and to conduct background checks on those who do. It's extraordinary that this approach did not prevail already.

Some 26.5 million veterans risk being defrauded. If they are lucky, the thief may not realize the value of the stolen file, and it won't be used by criminals to drain veterans' bank accounts or borrow money in their names. But once personal information has been compromised, there's no telling when the bad guys may use it: The fraud may occur next month or years from now. Veterans would be well-advised to check with credit-reporting agencies periodically to see whether an impostor is taking out loans in their name. And the rest of us can only ask: How many other government departments treat sensitive information this casually?

© 2006 The Washington Post Company