[ISN] NARA admits violating internal policy on personal info
InfoSec News
alerts at infosecnews.org
Tue Nov 10 00:48:40 CST 2009
http://fcw.com/articles/2009/11/06/web-nara-it-security-problems.aspx
By Ben Bain
FCW.com
Nov 06, 2009
The National Archives and Records Administration violated its
information security policies by returning failed hard drives from
systems containing personally identifiable information of current
government employees and military veterans back to vendors. By agency
policy, NARA is supposed to destroy the hard drives rather than return
them, according to a top NARA official.
However, the agency believes there was no disclosure of personally
identifiable information despite the violations of its own policy, said
NARA's then-acting archivist Adrienne Thomas.
Thomas told the House Oversight and Government Reform Committee's
Information Policy, Census and the National Archives Subcommittee Nov. 5
that on two separate occasions the agency sent defective disk drives
back to vendors under a maintenance contract, rather than destroying and
disposing of them in-house.
[...]
More information about the ISN
mailing list