Pentagon agency faulted for jeopardizing ID data

U.S.

The Defense Security Service (DSS) was initially unable to account for 501 laptops used by its investigators and loaded with personal identity data, posing an undue risk to those people's privacy, the Pentagon's internal watchdog said in the audit.

Most of the laptops have since been found, but the report said questions remained about how well DSS was tracking its assets.

DSS provides security support services to the Pentagon and defense contractors. It also handled security clearance investigations until February 2005, when the Office of Personnel Management took over.

"DSS management in place during the transfer of the personnel security investigation function to OPM created a lack of accountability for assets, posing an undue risk ... for military, civilian, and contractor employees who were investigated for security clearances between 1997 and 2005," said the audit by the Pentagon inspector general.

DSS later located 308 of the 501 laptops and was able to assure auditors that the remaining 193 laptops did not leave the control of the government, which the auditors said meant the data on the laptops was not at risk.

But the inspector general's office said the initial listing of 501 laptops was inaccurate, meaning some people's personal information potentially was still at risk.

However the Pentagon's Defense Privacy Office had concluded that the risk of unauthorized disclosure of private information was not great enough to warrant public notification.

It was not immediately clear how many people's data was potentially compromised, but the report noted that DSS transferred 1,567 employees to OPM in February 2005, plus laptops, common access cards, safes and extra hard drives.

The Pentagon inspector general recommended better controls over all property that contained personal data, classified or sensitive information, and periodic physical inventories of such assets.

(Reporting by Andrea Shalal-Esa; Editing by Xavier Briand)