Duane Morris Home
Search Site | Languages | Site Map | Alumni | Careers | Contact Us | Watch Duane Morris Video Listen to Duane Morris Podcasts, Webcasts and Audio Connect with Duane Morris LLP on LinkedIn Follow Duane Morris LLP on Facebook Follow Duane Morris LLP on Twitter Subscribe to RSS feed
  • About Duane Morris  ∨
    • Annual Report
    • Firm Rankings and Statistics
    • Past and Present
    • Firm Accolades and Honors
    • Attorney Accolades and Honors
    • Diversity and Inclusion
    • Women's Initiative
    • Pro Bono
  • Practices and Industries  ∨
    • Expanded Service Area Listing
  • People
  • Offices
  • Annual Report
  • News, Pubs and Multimedia  ∨
    • Alerts and Updates
    • Bylined Articles
    • In the News
    • Press Releases
    • For the Press
    • Video
    • Podcasts
    • Blogs
  • Events
  • Affiliates

By-Lined Articles
Events
For the Press

Home > Publications > By-Lined Articles

SHARE: Email this page Print This

By-Lined Article

Protecting Data On Government Laptops

By Eric Sinrod
July 11, 2006
Findlaw.com

In the past couple of months, the Department of Veterans Affairs, the Internal Revenue Service and the Federal Trade Commission have grappled with laptops that have gone missing that contained large amounts of private data.

As a consequence, the Executive Office of the President, Office of Management and Budget (OMB), has issued new security guidelines to address and compensate for the lack of physical security controls when information is removed from or accessed from outside of federal department and agency locations.

Specifically, the OMB recommends that all departments and agencies:

  1. Encrypt all data on mobile computers/devices that carry governmental data unless the data is determined to be non-sensitive;
  2. Allow remote access only with "two-factor" authentication where one of the factors is provided by a device separate from the computer gaining access;
  3. Use a "time-out" function for remote access and mobile devices that requires user re-authentication after 30 minutes of inactivity; and
  4. Log all computer-readable data extracts from databases holding sensitive information, and verify that each extract including sensitive data has been erased within 90 days or that its use is still required.
The purpose of the foregoing, as stated by OMB, is "to properly safeguard our information assets while using information technology." While stopping short of issuing requirements, and instead promulgating recommendations, OMB nevertheless asks that the above safeguards be put in place within 45 days by federal departments and agencies.

Hopefully, the expression "good enough for government work" soon will include federal action with respect to OMB's recommendations, and we will stop hearing about misplaced government laptops that contain easily accessible sensitive data.

Biography

Eric Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to with the word "Subscribe" in the subject line.

Disclaimer: This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Reprinted with permission of Findlaw.com

 

Duane Morris LLP & Affiliates. © 1998-2013 Duane Morris LLP. Duane Morris is registered service mark of Duane Morris LLP. Disclaimer | Privacy | Attorney Advertising
Other Languages: Chinese • Deutsch • Español • Français • Português