Connecticut Gov. M. Jodi Rell today ordered the issuance of a new Laptop Computer Security Policy and associated guidelines for state of Connecticut employees. Governor Rell ordered CIO Diane S. Wallace of the Department of Information Technology (DOIT) to prepare a new policy for her review and approval by Friday, September 7. Once approved, it will take effect immediately.
Rell said the policy must include some key features, including the following:
- A requirement that agencies immediately notify the Department of Information Technology (DOIT) when a laptop computer is missing, stolen or lost.
- A requirement for agencies to monitor and restrict sensitive data from being placed on laptop computers and portable devices, especially when that data is available through more secure means.
- Expanded use of secure data access and transport tools, including VPN technology, to enable fieldworkers and other State employees to remotely access sensitive data rather that downloading data onto laptop hard drives.
Rell ordered DOIT to accelerate selection and deployment of enterprise encryption tools for use by state agencies. A multi-agency working group has been working to identify standards and tools for enterprise use and is initiating the procurement process for such tools.
"Sensitive data should not be loaded onto a laptop," Rell said. "Laptops can be targets for thieves and every state employee must be vigilant and adhere to common sense practices to secure the taxpayer-funded equipment and data with which they have been entrusted.
After the recent theft of a Department of Revenue Services laptop containing sensitive taxpayer information, it took 11 days to notify affected citizens of the incident," the governor said. "That timeframe has caused concern for individuals whose information was potentially compromised and it is a cause of concern for me. This new policy will address that and other laptop security issues. Common sense practices, strong policies, and institutional and individual vigilance are required to strengthen protections of laptops and data."