Hartford - The Attorney General and the Auditors of Public Accounts yesterday issued a report on a DRS laptop that was stolen over two years ago. While noting lapses in security that existed at the time of the theft, he commended the agency for the significant steps it has taken to properly secure taxpayer information.

The loss of a laptop containing taxpayer information was a serious breach of security. Since the unfortunate event, DRS has taken a proactive approach to secure and protect taxpayer confidential data. The actions the agency has taken include the following:

• Securing of Network Drives – DRS has moved confidential information to secure drives limiting who has access to it and the type of access employees have.

• Employee Awareness Training – all employees received training regarding the security of taxpayer information. Employees using laptops received specialized training for maintaining security protocols.

• No confidential data is stored on any laptop or desktop computer. The flow of confidential information between DRS systems and any electronic device is closely monitored using data loss prevention software.

• Increased use of encryption technologies for data transfers between the agency and its vendors, as well as between the agency and the IRS. Processes developed to use this technology require fewer individuals to handle the data and as a result minimizes security risks.

• Redacting of confidential data when auditors are required to use paper documents for field work.

• Requiring specialized identification passes for employees authorized to remove equipment necessary to perform their job duties (including laptops) from the building.

• Implementing the use of Encrypted USB Biometric Thumb Drives that incorporate Advanced Encryption Standards adopted by the federal government. These devices require dual authentication (a fingerprint and strong password verification) to access information stored on the thumb drives for use in field audits. The agency will use email encryption to communicate with taxpayers as well.

 “We are pleased that the Attorney General and Auditors of Public Accounts recognized the aggressive actions DRS has taken to strengthen security protocols and improve the handling of sensitive taxpayer information since the laptop was stolen,” said Commissioner Richard Nicholson. “We have a special responsibility to the taxpayers of this state who are required to provide us with confidential data. Security of that data must be our top priority.”

Commissioner Nicholson said the implementation of the new security protocols and technologies is only part of the agency’s continuing efforts to provide taxpayers with the highest level of protection of their tax information. DRS is constantly monitoring data security enhancements to ensure that the technology employed by the agency provides the highest level of protection to taxpayer data.

Other recommendations in the report by the Attorney General and Auditors of Public Accounts will be addressed separately by the agency.