IRS Loses 500 Computers in 3 Years
Lessons for church leaders to learn from these losses.

Background. IRS employees reported the loss or theft of nearly 500 computers and other sensitive data in 387 separate incidents from 2003 through June 13, 2006. Many of these computers were laptops stolen from vehicles and employees' residences, but 111 computers were stolen at IRS offices. General Accounting Office (GAO) investigators believe that many of the computers contained unencrypted sensitive data, including taxpayer data and employee personnel data, because IRS employees failed to follow encryption procedures.

The GAO also found that backup data stored by the IRS at four offsite facilities were not encrypted or adequately protected. For example, at one site, non-IRS employees had full access to the storage area and the IRS backup media.

Relevance to church leaders. The GAO had several recommendations for the IRS, including the following: (1) refine incident response procedures to ensure sufficient details are gathered regarding persons potentially affected by a loss; (2) periodically remind employees of their responsibilities for protecting computer devices; (3) consider purchasing computer cable locks for employees' laptop computers; (4) periodically publicize an explanation of employees' responsibilities for preventing the loss of computer equipment and data; (5) require managers to periodically check their employees' laptop computers to ensure encryption solutions are being used; (6) consider implementing a systemic disk encryption solution on laptop computers that does not rely on employees' discretion as to what data to encrypt; (7) require system administrators to check security configurations when servicing computers; and (8) implement procedures to encrypt backup data sent to offsite facilities.

Log In For Full Access

Interested in becoming a member? Learn more.

Posted: June 1, 2007
View All
from our store
Best Practices for Technology Usage

Best Practices for Technology Usage

Establish policies and best practices to govern the use of technology for church staff.
Understanding Labor Laws

Understanding Labor Laws

Regulations that pertain to hiring, firing, paying, disciplining, and supervising ministry employees.
Record Keeping

Record Keeping

Learn best practices for protecting confidential documents.
Understanding Pastoral Liability

Understanding Pastoral Liability

Know the situations in which a pastor is personally liable for wrongdoing.

ChurchSalary

ChurchSalary

Let ChurchSalary do the work. Get personalized compensation reports for staff and pastors.