Counties work to hide personal data
But redacting documents can be time-consuming and expensive
Computerworld - On Oct. 10, Florida's Orange County Comptroller's Office completed an 18-month project designed to remove personally identifiable information from images of official records posted on its Web site.
The $750,000 effort began in April 2005 and involved the review of over 30 million pages in more than 12 million public records for items such as Social Security numbers (SSN), bank account information and credit card numbers. In the end, 777,635 pages -- 2.6% of the total reviewed -- were found to have personal data and were redacted.
It's not entirely clear how many documents, some of which date to 1970, still might contain personally identifiable information, said Carol Foglesong, assistant comptroller of Orange County. "There's going to be something we missed," she conceded. "But I think we got 99%" of the items that needed to be removed, she said.
Orange County's efforts are being replicated across dozens of counties in the state and around the country as local governments scramble to pull down documents from their Web sites or black out personal data from images of title deeds, tax liens, court papers and other public records.
As reported by Computerworld earlier this year, such images often contain personal identifiers and are usually accessible to anyone with Internet access. That has made county Web sites a veritable treasure trove of information for identity thieves, according to privacy advocates.
Many county governments still have not begun to address the prevalence of personal data despite the heightened public concerns, said B.J. Ostergren, a privacy advocate in Richmond, Va. In most cases, such sites continue to leak all sorts of sensitive personal data to anybody with Internet access. In some cases, county and state governments charge for access to the information, but even then the fees are relatively nominal compared to the value of the data, she said.
And many states are continuing to post SSNs in so-called Uniform Commercial Code (UCC) documents on their public Web sites, she said. UCC documents are filed with the state by banks and other creditors when an individual takes out certain types of loans.
But a growing number do appear to be attempting to fix the problem, she added. "The more publicity this has gotten, the more people are getting to know about the issue," she said. "I think a lot of people are beginning to put the skids on this sort of stuff," she said.
In October, for example, the council that oversees Washington's King County, which includes Seattle, passed an ordinance requiring the recorder's office to remove online access to all title deed documents. The vote followed when a council member discovered more than 200 SSNs, including those of several public figures and athletes, in title deed documents on the county Web site.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts