Gregoire and McKenna said Washington employees have been leaders in the fight against identity theft for many years and must continue to do their part to protect information.
"State agencies collect, use and store citizens' personal information in order to perform many important government functions," said Gregoire and McKenna in the letter. "It is critical that every agency protect this information from identity thieves."
Washington state laws require state and local government agencies and businesses to destroy certain personal information prior to disposal and to notify affected consumers when a data breach occurs.
"Prevention is the key to reducing identity theft before it occurs," said Gregoire. "Attorney General McKenna and I believe it is critical that every agency protect citizens' personal information."
The letter asks management teams to review policies and procedures concerning how agencies collect, store and dispose of private information and, if necessary, to update those policies. Agency leaders must be sure managers and staff review and recommit to the principles of Executive Order EO-00-03 Public Records Privacy Protections.
Gregoire and McKenna said state agencies should limit the collection of private personal information to what is necessary to perform agency functions and, whenever possible, eliminate the use of Social Security numbers. They cited the Employment Security Department as an example of an agency that recently removed Social Security information from documents relating to liens. The department now uses bar coding for internal purposes.
Agencies should limit access to personal information to staff who need the information to conduct agency functions. They also should consider issues regarding the disclosure of private personal information when entering into contracts or data-sharing agreements. Employees who share information with private contractors or other public agencies should confirm that the recipient has the necessary procedures and safeguards to protect the information.
"Safeguarding information is a joint responsibility of citizens, businesses, and the public sector," said McKenna. "We've repeatedly urged consumers to shred sensitive documents, secure their mailboxes and install anti-spyware software and firewalls on their computers. To win the battle against identity theft, government agencies and businesses must also take an active role in protecting their customers and themselves."
Washington's Law Enforcement Group against Identity Theft (LEGIT) recently sent letters to 800 city and county executives across the state that urged local government leaders to review how their organizations store and manage sensitive information and tightening procedures. McKenna, Department of Licensing Director Elizabeth Luce, King County Prosecutor Norm Maleng and LEGIT members signed the letters.
