A recent report from the House Committee on Government Reform shows that sloppy handling of personal data is rampant across the federal government, with 19 agencies self-reporting at least one leak of personally identifiable information since 2003. According to the report:
Taken as a whole, the agency reports outline hundreds of instances of data breaches involving sensitive personal information since January 1, 2003. The reports show a wide range of incidents, involving employee carelessness, contractor misconduct, and third-party thefts. However, in many cases, the agency does not know what information was lost or how many individuals potentially could be affected. Few of these incidents have been reported publicly, and it is unclear in many cases whether affected individuals have been notified or whether remedial action has been taken.
While several data breach notification laws have stalled in the House and Senate, the new report underscores just how much Congress needs to update and strengthen protections for personal data in the hands of third parties -- especially, it seems, the government itself.