Counties work to hide personal data
But redacting documents can be time-consuming and expensive
Computerworld - On Oct. 10, Florida's Orange County Comptroller's Office completed an 18-month project designed to remove personally identifiable information from images of official records posted on its Web site.
The $750,000 effort began in April 2005 and involved the review of over 30 million pages in more than 12 million public records for items such as Social Security numbers (SSN), bank account information and credit card numbers. In the end, 777,635 pages -- 2.6% of the total reviewed -- were found to have personal data and were redacted.
It's not entirely clear how many documents, some of which date to 1970, still might contain personally identifiable information, said Carol Foglesong, assistant comptroller of Orange County. "There's going to be something we missed," she conceded. "But I think we got 99%" of the items that needed to be removed, she said.
Orange County's efforts are being replicated across dozens of counties in the state and around the country as local governments scramble to pull down documents from their Web sites or black out personal data from images of title deeds, tax liens, court papers and other public records.
As reported by Computerworld earlier this year, such images often contain personal identifiers and are usually accessible to anyone with Internet access. That has made county Web sites a veritable treasure trove of information for identity thieves, according to privacy advocates.
Many county governments still have not begun to address the prevalence of personal data despite the heightened public concerns, said B.J. Ostergren, a privacy advocate in Richmond, Va. In most cases, such sites continue to leak all sorts of sensitive personal data to anybody with Internet access. In some cases, county and state governments charge for access to the information, but even then the fees are relatively nominal compared to the value of the data, she said.
And many states are continuing to post SSNs in so-called Uniform Commercial Code (UCC) documents on their public Web sites, she said. UCC documents are filed with the state by banks and other creditors when an individual takes out certain types of loans.
But a growing number do appear to be attempting to fix the problem, she added. "The more publicity this has gotten, the more people are getting to know about the issue," she said. "I think a lot of people are beginning to put the skids on this sort of stuff," she said.
In October, for example, the council that oversees Washington's King County, which includes Seattle, passed an ordinance requiring the recorder's office to remove online access to all title deed documents. The vote followed when a council member discovered more than 200 SSNs, including those of several public figures and athletes, in title deed documents on the county Web site.
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- Building an Intelligence-Driven Security Operations Center The openness of today's networks and the growing sophistication of advanced threats make it almost impossible to prevent cyber attacks and intrusions.
- Taking Charge of Security in a Hyperconnected World In today's highly interconnected business environment, information security can no longer be an isolated endeavor: it's the responsibility of an entire business ecosystem...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!