Report finds identity theft risk
State and county agencies are urged to be more secure about personal data
State and county agencies that maintain 20 million to 30 million records containing personal information are not doing enough to safeguard residents' privacy, a task force on identity theft has found.
The state Office of the Auditor provided results yesterday of a report by the 23-member Hawaii Identity Theft Task Force, which met from 2006 to 2007.
The task force urged state and county agencies to act urgently to secure their records, institute basic security policies and limit collection of personal information to what is necessary.
The task force also reported a serious lack of employee training on appropriate use and disclosure of personal information.
Almost all the agencies surveyed reported transmitting information outside the organization, with a little more than half the agencies having specific procedures for concealing personal information when doing so, the task force report showed.
Fewer than half reported having technical safeguards when transmitting information electronically or for storage of personal information on laptop computers or removable storage devices, the report said.
Although some solutions require more time and money, the task force recommended the following immediate actions to secure personal information:
» Decrease unnecessary use of personal information, including reducing the use of Social Security numbers.
» Implement safeguards to protect personal information, requiring agencies to assign policy and oversight responsibilities, issue guidance on use of personal information in human resources functions and require agencies to use third-party information-use agreements.
» Educate agencies on how to protect information.