Florida Counties Face State Deadline on Hiding Numbers

Computerworld - Like other counties in Florida, Orange County is scrambling to comply with a state mandate that requires Social Security, bank account, and credit and debit card numbers to be removed by the start of 2007 from all online images of public records.

For Orange County, it's an enormous task that involves examining nearly 30 million page images from records dating back to 1970, said Carol Fogelsong, the county's assistant comptroller.

Instead of trying to do the work itself, Orange County last June signed a contract with Hart InterCivic Inc., an Austin-based provider of records management services for county governments.

Since then, the county has downloaded onto USB drives images of about 25 million pages from documents dated through April 30, 2005, and shipped them to Hart for inspection and redaction. Hart has inspected about 7 million pages thus far and found information that needed to be redacted on about 119,000 of them, Fogelsong said.

Pages containing redactions are loaded back onto USB drives and returned to Orange County, which then replaces the original image with the new page. Fogelsong said the original images aren't actually deleted -- they're just hidden from view.

Despite initial concerns about the technology challenges, the redaction process has been going better than expected, according to Fogelsong. She said Hart is using specialized optical character recognition (OCR) software to look for the banned numbers on both handwritten and typed pages. The pages are also being manually reviewed to ensure that nothing is missed, she added.

About 2 million pages are now being inspected per month, Fogelsong said. The process costs the county 2.35 cents per page, which would add up to a tab of $705,000 for the full allotment of 30 million pages.

Fogelsong acknowledged that even after the work is completed, some online documents will likely still display information that is supposed to be hidden. "I will not be able to stop everything," she said. "But I'm doing the best I can."

Florida's Broward County plans to do its redaction work internally using software it bought from Aptitude Solutions Inc. in Casselberry, Fla., said Sue Baldwin, director of the Broward County Records Division.

"I don't know how long the actual process will take," she said. "But we intend to comply with the statutory requirements, including [the] deadline."

According to Baldwin, there are "relatively few documents" posted on the county's Web site that include sensitive information. Nonetheless, she said, the required redaction effort is "a massive job. We can't do it overnight."

Bruce Hogman, a Broward County resident who has worked as an IT professional for the past 30 years, said the effectiveness of OCR tools in redaction efforts could be limited by the challenges involved in programming the software to recognize specific types of data in documents that use different formats and are of varying quality.

As a result, the redaction of sensitive data could take longer than expected, leaving information publicly available for the next several months, Hogman said. He also noted that because much of the information already has been viewable for quite some time, it is questionable how useful redacting the data will be.

Read more about security in Computerworld's Security Knowledge Center.