NewsOK link to press conference video
Channel 6 News Story
OKLAHOMA CITY – State lawmakers and technology security experts today said reforms advancing in the Legislature will increase protection of citizens’ private data and reduce its theft from government computers.
In addition, the reforms would increase efficiency and reduce waste during a tough budget year.
“Because of outmoded policies, we have an information bottleneck that drives up costs and delays service at state agencies,” said state Rep. Jason Nelson, R-Oklahoma City. “Our agencies use different programs and literally cannot share information electronically from one department to another. Instead, agencies pay someone to re-enter data into the computer system. There are state employees whose only job is to hand-type data that should be downloadable with a click. We’re paying for hours of labor on a job that should take five seconds.”
In recent months, several state computers containing citizens’ private information were either lost or stolen, including a flash driver from the Oklahoma Employment Security Commission and laptops from the Department of Human Services and the Oklahoma Housing Finance Agency.
“Because Oklahoma government continues to use an outdated information technology system that is spread across dozens of agencies, it is impossible to hold one person responsible for the data losses,” said state Rep. Jason Murphey, R-Guthrie. “The enactment of House Bill 1704 or Senate Bill 980 could not only save millions of dollars in leveraged IT purchases, but would put someone in charge of securing important data.”
Two bills introduced this session would streamline information technology services and increase data security in state government: House Bill 1704, by state Rep. David Derby, and Senate Bill 980, by Senate President Pro Tem Glenn Coffee and Murphey.
Both measures would create a Chief Information Officer for state government, who would direct technology purchases and security policies for all state agencies.
Oklahoma is only one of four states in the country without a centralized technology officer.
Dan Yost, chief technology officer for Stillwater-based computer security firm MyLaptopGPS, said the legislation is a step in the right direction.
“When agency policies are not consistent, it generates more loose ends throughout the system – and it only takes one loose end to breach 1 million Oklahomans’ private information, as we have already seen,” Yost said. “Giving one person oversight of the system is a good way to increase accountability and better secure data throughout all of state government. If nobody’s in charge, you’ve really got a problem.”
According to a recent report by the Ponemon Institute, the average cost of a stolen laptop is roughly $50,000 per computer. Other studies suggest the cost may be greater – a 2002 CSI/FBI Computer Crime and Security Survey put the cost at $89,000 per laptop and the 2003 ACCSS said the average value of data on a laptop is $250,000.
“Even the $50,000 ‘best case’ scenario is very bad,” Yost said. “Oklahoma government had to spend $200,000 in mailing costs just for notification letters after the theft of only two laptops. More costs for those incidents will likely be forthcoming.”
Yost noted that another laptop is stolen every 12 seconds, at least 2.6 million per year. A 2006 survey by The Ponemon Institute showed that 80 percent of government agencies surveyed reported losing data via laptop theft in last 12 months.
In addition to creating security problems, lawmakers said the current system wastes money.
“Right now, each agency has its own IT department and the state spends $340 million a year on IT not including personnel and salaries,” Murphey said. “The current configuration is an antiquated system that other states have abandoned.”
“There is no need for each state agency to have a separate technology department and director when those needs are often similar,” Derby said.
It is estimated that Oklahoma employs close to 1,500 state employees dedicated to information technology across various agencies.
Some of those jobs are hard to justify given technological advances.
Lawmakers are also working on broader reforms. House Speaker Chris Benge has also asked state Rep. John Wright to conduct a review of state information technology policies. “Clearly, the security of citizens’ personal data must be a top priority for state agencies,” said Wright, R-Broken Arrow.