Florida Counties Face State Deadline on Hiding Numbers
Computerworld - Like other counties in Florida, Orange County is scrambling to comply with a state mandate that requires Social Security, bank account, and credit and debit card numbers to be removed by the start of 2007 from all online images of public records.
For Orange County, it's an enormous task that involves examining nearly 30 million page images from records dating back to 1970, said Carol Fogelsong, the county's assistant comptroller.
Instead of trying to do the work itself, Orange County last June signed a contract with Hart InterCivic Inc., an Austin-based provider of records management services for county governments.
Since then, the county has downloaded onto USB drives images of about 25 million pages from documents dated through April 30, 2005, and shipped them to Hart for inspection and redaction. Hart has inspected about 7 million pages thus far and found information that needed to be redacted on about 119,000 of them, Fogelsong said.
Pages containing redactions are loaded back onto USB drives and returned to Orange County, which then replaces the original image with the new page. Fogelsong said the original images aren't actually deleted -- they're just hidden from view.
Despite initial concerns about the technology challenges, the redaction process has been going better than expected, according to Fogelsong. She said Hart is using specialized optical character recognition (OCR) software to look for the banned numbers on both handwritten and typed pages. The pages are also being manually reviewed to ensure that nothing is missed, she added.
About 2 million pages are now being inspected per month, Fogelsong said. The process costs the county 2.35 cents per page, which would add up to a tab of $705,000 for the full allotment of 30 million pages.
Fogelsong acknowledged that even after the work is completed, some online documents will likely still display information that is supposed to be hidden. "I will not be able to stop everything," she said. "But I'm doing the best I can."
Florida's Broward County plans to do its redaction work internally using software it bought from Aptitude Solutions Inc. in Casselberry, Fla., said Sue Baldwin, director of the Broward County Records Division.
"I don't know how long the actual process will take," she said. "But we intend to comply with the statutory requirements, including [the] deadline."
According to Baldwin, there are "relatively few documents" posted on the county's Web site that include sensitive information. Nonetheless, she said, the required redaction effort is "a massive job. We can't do it overnight."
Bruce Hogman, a Broward County resident who has worked as an IT professional for the past 30 years, said the effectiveness of OCR tools in redaction efforts could be limited by the challenges involved in programming the software to recognize specific types of data in documents that use different formats and are of varying quality.
As a result, the redaction of sensitive data could take longer than expected, leaving information publicly available for the next several months, Hogman said. He also noted that because much of the information already has been viewable for quite some time, it is questionable how useful redacting the data will be.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts