Public Safety data not secure, audit finds
http://www.startribune.com/462/story/1523440.html
By Mark Brunswick
Star Tribune
November 01, 2007
Minnesota's chief law enforcement agency failed to adequately safeguard
non-public information in its computers and did not keep an accurate
inventory of some of its most critical property, such as its laptops and
cell phones, an audit found on Thursday.
The Department of Public Safety deals with sensitive issues such as
homeland security and statewide criminal investigations.
A report from the Legislative Auditor released Thursday showed that as
late as May of this year, nearly 950 of the department's laptops were
not encrypted, despite specific state policy requiring it. In addition,
about 300 of the department's laptops had no physical security, such as
cable locks.
The audit also found that the department did not adequately review
employee security profiles for excessive or unnecessary use of the
department's computer system. As of April of this year, five employees
had access to the department's system even though they no longer worked
for Public Safety.
Without proper controls over the laptops, confidential non-public
information could be compromised, the audit warns.