The Inland Revenue Department has accounted for most of the 106 computers it could not locate in an asset check last year (Computerworld April 30, 2007), but 36 are still missing, including unencrypted laptops.
“Of the 36 computers, 21 were obsolete and may have been disposed of or destroyed without the asset register being updated,” says an IRD spokes-person.
“Another 13 were used only in a test environment and were not attached to any network,” the spokesperson says.
Five of the 36 machines were laptops, and information on the laptops was not encrypted, but “our strict policy is not to store any taxpayer information on laptops”, IRD says.
Security measures have since been strengthened, the department says and “asset management champions” have been appointed in each IRD site. Computers for disposal are now held in a secure area with strictly controlled access, says IRD.
“Strict procedures apply to the hard drive cleansing process. Where cleansing is not possible the hard drive is physically destroyed.”
Last April, National Party MP Gerry Brownlee asked questions in Parliament about the missing computers, asking what security was loaded on them and how much personal information was at risk.
Revenue Minister Peter Dunne said he did not believe the computers had been stolen.
The losses came on the back of a report from the US that its Internal Revenue Service had lost or had stolen around 500 laptops, which may have exposed personal information of around 6,000 taxpayers to identity thieves.
An audit found that between January 2003 and mid-June 2006, a “large number” of laptops were stolen from the vehicles and homes of IRS employees, while 111 were stolen from agency facilities.