States Faulted for Privacy Breaches, Bungled Data Security
Tax forms were sent out to thousands of people in Wisconsin with their Social Security numbers on the mailing labels. A vendor hired by the state of Georgia lost a computer disk with the names and Social Security numbers of 2.9 million people. A disk with similar information disappeared in Rhode Island.
While some of the biggest and most spectacular privacy breaches in recent years have happened at large corporations, state governments have also mishandled or failed to protect some of the sensitive information entrusted to them — data that identity thieves would love to get their hands on.
Yet most states don’t have statewide privacy officers in charge of safeguarding data, statewide policies on protecting sensitive material, or standing procedures for responding to breaches.
“This is an area that has not gotten much attention, and there’s a lot of sensitive information stored by states. It’s not well-protected,” said Robert Ellis Smith, publisher of the monthly Privacy Journal newsletter.
In many states, wills, deeds, divorce papers, death certificates and other public documents that contain Social Security numbers, birthdates, addresses and signatures are accessible via government Web sites for free or a small charge — or through hacking.
With a few mouse clicks, privacy activist Betty “BJ” Ostergren has found Social Security numbers of former Secretary of State Colin Powell, football star Joe Namath and former Florida Gov. Jeb Bush.
“Its just amazing to me that we’ve got this stuff and we are putting millions of people at risk,” Ostergren said.
Through her efforts, several states have blocked online access to certain records, or redacted information such as Social Security numbers.
Ostergren, who runs the Web site The Virginia Watchdog, said her goal isn’t to prevent people from seeing public documents, but to at least make it a little harder for them to do so, by making them go…
