The theft of a computer belonging to the National Institutes of Health and the breach of privacy by contractors looking into presidential candidates' passport files draw attention to the federal government's lax security over personal data.
An unencrypted government laptop contained names, dates of birth, Social Security numbers and health information on 2,500 patients involved in an NIH study when it was stolen in February. The personal data is the type sought by identity thieves, although there were no reports that the material had been fraudulently used. Nonetheless, participants risk exposure of very personal information.
The NIH is not alone. After reviewing 26 agencies, the Government Accountability Office recently found that 19 had experienced at least one breach of security that put personal information at risk.
Last week, it was learned that employees of private contractors working for the State Department had pried into the passport files of Sens. John McCain, Hillary Clinton and Barack Obama. Nearly 60 percent of those processing government passports are employed by private firms.
With the growing use of private contractors, it is important to have security policies in place, as most government agencies do. However, investigations have found that sensitive information given to private contractors is not always adequately protected, as with the absence of encryption on NIH computer files that leave government offices. And the GAO said that security-awareness training for outside contractors had dropped from 2006 to 2007.
While the federal government warns others of data security needs, it must ensure adequate protection of its files as well.