Rell said the policy must include some key features, including the following:
- A requirement that agencies immediately notify the Department of Information Technology (DOIT) when a laptop computer is missing, stolen or lost.
- A requirement for agencies to monitor and restrict sensitive data from being placed on laptop computers and portable devices, especially when that data is available through more secure means.
- Expanded use of secure data access and transport tools, including VPN technology, to enable fieldworkers and other State employees to remotely access sensitive data rather that downloading data onto laptop hard drives.
"Sensitive data should not be loaded onto a laptop," Rell said. "Laptops can be targets for thieves and every state employee must be vigilant and adhere to common sense practices to secure the taxpayer-funded equipment and data with which they have been entrusted.
After the recent theft of a Department of Revenue Services laptop containing sensitive taxpayer information, it took 11 days to notify affected citizens of the incident," the governor said. "That timeframe has caused concern for individuals whose information was potentially compromised and it is a cause of concern for me. This new policy will address that and other laptop security issues. Common sense practices, strong policies, and institutional and individual vigilance are required to strengthen protections of laptops and data."
