Counties work to hide personal data

Computerworld - On Oct. 10, Florida's Orange County Comptroller's Office completed an 18-month project designed to remove personally identifiable information from images of official records posted on its Web site.

The $750,000 effort began in April 2005 and involved the review of over 30 million pages in more than 12 million public records for items such as Social Security numbers (SSN), bank account information and credit card numbers. In the end, 777,635 pages -- 2.6% of the total reviewed -- were found to have personal data and were redacted.

It's not entirely clear how many documents, some of which date to 1970, still might contain personally identifiable information, said Carol Foglesong, assistant comptroller of Orange County. "There's going to be something we missed," she conceded. "But I think we got 99%" of the items that needed to be removed, she said.

Orange County's efforts are being replicated across dozens of counties in the state and around the country as local governments scramble to pull down documents from their Web sites or black out personal data from images of title deeds, tax liens, court papers and other public records.

As reported by Computerworld earlier this year, such images often contain personal identifiers and are usually accessible to anyone with Internet access. That has made county Web sites a veritable treasure trove of information for identity thieves, according to privacy advocates.

Many county governments still have not begun to address the prevalence of personal data despite the heightened public concerns, said B.J. Ostergren, a privacy advocate in Richmond, Va. In most cases, such sites continue to leak all sorts of sensitive personal data to anybody with Internet access. In some cases, county and state governments charge for access to the information, but even then the fees are relatively nominal compared to the value of the data, she said.

And many states are continuing to post SSNs in so-called Uniform Commercial Code (UCC) documents on their public Web sites, she said. UCC documents are filed with the state by banks and other creditors when an individual takes out certain types of loans.

But a growing number do appear to be attempting to fix the problem, she added. "The more publicity this has gotten, the more people are getting to know about the issue," she said. "I think a lot of people are beginning to put the skids on this sort of stuff," she said.

In October, for example, the council that oversees Washington's King County, which includes Seattle, passed an ordinance requiring the recorder's office to remove online access to all title deed documents. The vote followed when a council member discovered more than 200 SSNs, including those of several public figures and athletes, in title deed documents on the county Web site.