Routine Personal Information Posting in the U.S. State Government Agencies

NBC news ran a story about how many state government agencies post sensitive personally identifiable information (PII) on their websites. In this case an Ohio county court “routinely posted traffic tickets and other public records on its Web site.”

Many state government agencies post personally identifiable information (PII) on their sites. Routinely.
All organizations, including governmental agencies, must be held to the same standard of protecting PII in order to have any headway in helping to reduce identity theft, fraud, related cybercrimes, and even physical crimes. Too many people have been victims as a result of irresponsible posting of PII that criminals, stalkers, psychopaths and murderers subsequently used for their horrendous deeds. Remember the incident in 1989 of Rebecca Schaeffer and how she was murdered by a stalker who easily obtained her home address from the California DMV. Laws protecting DMV data have been passed as a result, most notably the Driver’s Privacy Protectoin Act of 1994. However, comprehensive privacy protections are needed addressing all types of organizations that collect, store, and handle in any other way PII.
Isn’t it ironic that if private organizations did these routine data posting practices they would be have to follow the breach notice laws passed at the state level, but posting PII is mandated in so many state government offices? To slightly paraphrase what they would say in Oz, this certainly is a breach of a different color.

Tags: , , , , , , , ,

Leave a Reply