Counties work to hide personal data
But redacting documents can be time-consuming and expensive
Computerworld - On Oct. 10, Florida's Orange County Comptroller's Office completed an 18-month project designed to remove personally identifiable information from images of official records posted on its Web site.
The $750,000 effort began in April 2005 and involved the review of over 30 million pages in more than 12 million public records for items such as Social Security numbers (SSN), bank account information and credit card numbers. In the end, 777,635 pages -- 2.6% of the total reviewed -- were found to have personal data and were redacted.
It's not entirely clear how many documents, some of which date to 1970, still might contain personally identifiable information, said Carol Foglesong, assistant comptroller of Orange County. "There's going to be something we missed," she conceded. "But I think we got 99%" of the items that needed to be removed, she said.
Orange County's efforts are being replicated across dozens of counties in the state and around the country as local governments scramble to pull down documents from their Web sites or black out personal data from images of title deeds, tax liens, court papers and other public records.
As reported by Computerworld earlier this year, such images often contain personal identifiers and are usually accessible to anyone with Internet access. That has made county Web sites a veritable treasure trove of information for identity thieves, according to privacy advocates.
Many county governments still have not begun to address the prevalence of personal data despite the heightened public concerns, said B.J. Ostergren, a privacy advocate in Richmond, Va. In most cases, such sites continue to leak all sorts of sensitive personal data to anybody with Internet access. In some cases, county and state governments charge for access to the information, but even then the fees are relatively nominal compared to the value of the data, she said.
And many states are continuing to post SSNs in so-called Uniform Commercial Code (UCC) documents on their public Web sites, she said. UCC documents are filed with the state by banks and other creditors when an individual takes out certain types of loans.
But a growing number do appear to be attempting to fix the problem, she added. "The more publicity this has gotten, the more people are getting to know about the issue," she said. "I think a lot of people are beginning to put the skids on this sort of stuff," she said.
In October, for example, the council that oversees Washington's King County, which includes Seattle, passed an ordinance requiring the recorder's office to remove online access to all title deed documents. The vote followed when a council member discovered more than 200 SSNs, including those of several public figures and athletes, in title deed documents on the county Web site.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts