WICHITA, Kansas – There is concern that several state agencies are not doing enough to protect the digital information of Kansans.
An audit by the state showed that IT security work by many state agencies is not up to standard, and that is drawing concern from tech experts and state lawmakers.
The results of a state audit of its computer security systems produced unsurprising results for IT experts that want the state to do more to protect personal data.
“The state requires a certain amount of data from you for different things, from your vehicle registration to taxes,” said Bill Ramsey from Cybertron IT. “You’re required to provide that information and you rely on the state to be able to protect that information. So as a consumer, there’s not much you can do.”
The audit found that 75 state agencies are running more than 350 different computer systems containing personal data.
Of the 45 agencies that have control of high-risk data, 17 of them have not had independent security evaluations in the last 3 years.
“This audit show that we haven’t been as proactive as we’ve needed to be,” said State Senator Michael O’Donnell. “We have a lot of agencies that are developing their own safety protocols and their own process to make sure there’s no breach of security.”
The agencies are required by law to submit 3-year IT plans, but O’Donnell says the oversight group that is supposed to enforce that has barely met.
“We need to fix that. If we have agencies that are taking our money, that are taking our vital private information, medical records, financial records, we need to make sure that it’s as safe using them as it would be Paypal,” said O’Donnell.
Experts say that having a uniform standard across all state agencies would be the best thing to do, but admit the challenge will be finding people to fix tech problems.
The auditors recommended getting outside agencies to review the IT plans by December 2015, but O’Donnell said he wants to push for that to happen instead by the end of 2014.