Posted on 06/22/2007 4:09:08 AM PDT by Loyal Buckeye
Ohio does not have unified standards for protecting Social Security numbers and other sensitive information, making the state vulnerable to data theft.
Sound like an assessment of the recent theft of a backup computer storage tape that has dominated state government news since last Friday?
Guess again.
That viewpoint was expressed nearly six months ago, in a report prepared as part of Gov. Ted Strickland's transition team before he took office Jan. 8.
Strickland had asked for teams of experts to evaluate several key areas of state government and submit their findings and recommendations in reports.
The team studying the state's Office of Information Technology included an evaluation of state data privacy and security in its report, concluding that the state had "little to no policy guidance or standards."
"Ohio's lack of a robust, unified privacy/security capacity lays it open to the type of data spills and breaches that have been plaguing the government and the corporate sectors in increasing numbers over the past few years," the report concluded.
The report found that without a comprehensive program, including clear state policy and standards set in cooperation with the legislature, plus proper monitoring and auditing, the danger of a data breach similar to ones experienced at Ohio University and elsewhere "will continue to grow."
A thief broke into a state intern's car June 10 and took a computer backup tape that contains the Social Security numbers and other private information for more than 500,000 Ohioans.
The list of those affected includes all state workers, their dependents enrolled in the state's pharmacy-benefits management program, residents who have not cashed tax rebate checks and even some lottery winners.
The leader of the transition team and the primary author of the report was Sol Bermann, who was hired on March 26 as the state's first chief privacy officer for the Office of Information Technology.
Bermann was unavailable to discuss his role and work so far in the office at the request of the Ohio inspector general's office, which is investigating the circumstances surrounding the theft of the tape as well as the state's response.
Meanwhile, the state continues its review of a duplicate of the stolen data tape to determine what other critical information might be on the stolen one.
Strickland revealed Wednesday that the tape contained the names, Social Security numbers and amounts of uncashed state personal income-tax refund and school-district income-tax refund checks issued in 2005, 2006 and through May 29 this year.
The Ohio Department of Taxation provided a list yesterday showing that the list of affected taxpayers contains 210,930 individuals and 224,058 checks because some people received both refund checks.
More than 93 percent of the people are from Ohio, but there also are people from other states who received Ohio tax refunds. Most are in Florida, 1,176; followed by New York, Kentucky and California.
Also, 685 people on the list live outside the country.
Strickland is extending identity-theft protection and prevention services to anyone affected on the list through Texas-based Debix Inc. The service already has been offered to state workers and their dependents.
Not counting staff time, the cost of the theft in tax dollars is approaching $900,000, including $631,000 set aside to pay for the Debix services and $100,000 to hire an expert to confirm that the state has found all of the sensitive data on the tape and to review the security of the state's new payroll and accounting system.
The state also has spent nearly $163,000 so far in printing and mailing costs to send letters to those affected, said Ron Sylvester, a spokesman for the Department of Administrative Services.
I can't wait to see how the governor and The Columbus Dispatch spin this one. Incompetence squared on this one.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.