Data security is an issue within the federal government, according to a recent GAO report. The report indicated that, as of September 2007, only about 30% of sensitive information stored on the laptops and mobile devices of federal employees was encrypted. Concerns about the lack of data security in the federal government are certainly not unwarranted. Computerworld, a professional technology magazine, reported on several data security breaches that have occurred in the last several years. The most significant breach occurred within the Department of Veterans affairs, when a laptop and hard drive with the personal information of 26.5 million military personnel was stolen. Other major breaches also occurred within the Internal Revenues Service and the Department of Commerce, with nearly 2,000 laptops having been stolen in the last 7 years from the two agencies.
Members of the House Homeland Security Committee have strongly criticized the progress of the 24 federal agencies studied by the GAO, stating that “encryption is not an option, it is a mandate.” Both the need and the technology for data encryption is there, federal agencies simply need to develop effective and comprehensive plans to implement it according to the specific needs of their agency. In a publication titled Data Protection: Safeguarding Privacy in a New Age of Technology, Heritage experts Paul Rosenzweig and Alane Kochems wrote that “if properly implemented cryptography (the technology for keeping information secure) provides very strong data protection.” Federal agencies need to take further steps towards the encryption of sensitive information. Such encryption can not only provide confidentiality and information privacy, but also authentication, integrity, and non-repudiation of such government data.