BreachExchange mailing list archives
NARA admits violating internal policy on personal info
From: security curmudgeon <jericho () attrition org>
Date: Tue, 10 Nov 2009 06:56:48 +0000 (UTC)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://fcw.com/articles/2009/11/06/web-nara-it-security-problems.aspx By Ben Bain FCW.com Nov 06, 2009 The National Archives and Records Administration violated its information security policies by returning failed hard drives from systems containing personally identifiable information of current government employees and military veterans back to vendors. By agency policy, NARA is supposed to destroy the hard drives rather than return them, according to a top NARA official. However, the agency believes there was no disclosure of personally identifiable information despite the violations of its own policy, said NARA's then-acting archivist Adrienne Thomas. Thomas told the House Oversight and Government Reform Committee's Information Policy, Census and the National Archives Subcommittee Nov. 5 that on two separate occasions the agency sent defective disk drives back to vendors under a maintenance contract, rather than destroying and disposing of them in-house. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- NARA admits violating internal policy on personal info security curmudgeon (Nov 10)