Alert #2009-4: Sensitive data breach at NARA raises significant questions regarding effectiveness of security protocols

Details: On May 20, 2009, the National Archives announced that a 1 TB computer hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures, is missing. The Archives is not sure whether the drive was stolen or accidentally lost. The drive was apparently removed from a secure area of the Archives facility between October 2008 and March 2009 and was left on an unsecured shelf as staff members were converting the data on the hard drive into the Archives' digital record system. Hundreds of workers had access to the hard drive.

The FBI is conducting a criminal investigation into the breach. Rep. Edolphus Towns (D-NY), chairman of the Committee on Oversight and Government Reform, said his panel was briefed on the breach May 19 and will hold separate members' briefings on the ongoing investigations with the National Archives Inspector General and the FBI.

How Does This Affect My Enterprise?

  • Enterprises and government entities should have the ability to identify and categorize sensitive data, including personally identifiable information such as Social Security numbers and account numbers.
  • Enterprises and government entities should take all appropriate steps to ensure the security of their data, including policies and procedures for storing such data on hard drives.
  • Enterprises and government entities should have internal controls in place to manage security breaches that comply with Federal and State law.
  • Enterprises and government entities should protect sensitive data when transporting it, through the use of encryption or other security protocols.

Copyright © Recommind, Inc. 2000-2012. All rights reserved.