Privacy advocate targets Mass. Secretary of State's Web site

Computerworld - A privacy advocate today threatened to publicly post on her Web site the names of prominent individuals in Massachusetts whose Social Security numbers and other personal data she was able to pull from public records posted on the commonwealth secretary of state's Web site.

In addition, Betty "B.J." Ostergren said detailed instructions will be provided on her site telling others how to access the data from the site. Ostergren, a Virginia-based privacy advocate, runs a Web site called The Virginia Watchdog, which she uses to draw attention to -- and put pressure on -- county and state government officials who post unredacted public records online.

The threat to publicize the information stems from the continued refusal by Massachusetts Secretary of State William Galvin to break links to the records, despite being told they pose a potential risk to privacy, Ostergren said. She said she contacted Galvin's office earlier this week and informed it that the images of certain financial documents posted on the site contain relatively easily accessible personal data, such as Social Security numbers and addresses.

The documents, which pertain to loans taken out by individuals and businesses in Massachusetts, are considered public records and are accessible to anyone with an Internet connection.

Despite Ostergren's concerns, the secretary's office has so far refused to break the links. "So I will plaster some documents from their site online," she said. "I have picked some prominent people whose Social Security numbers I was able to find. I am going to give in-depth, step-by-step instructions of how to get to the information."

The idea is to put pressure on Galvin's office to take the records offline until the personal information is redacted, Ostergren said.

Brian McNiff, a spokesman for Galvin's office, today reiterated that the secretary of state has no plans to remove the information, regardless of Ostergren's demands.

"These documents are necessary for commerce," McNiff said. "These are business documents that lenders file with the state to indicate what someone has pledged as collateral for a loan."

The documents enable other lenders to check for any existing encumbrances that individuals applying for new loans might have, he said.

The bulk of the "hundreds of thousands" of documents on the Web site are business filings, and only 5% or so are believed to include Social Security numbers, he said. All documents posted in the past six months have had the Social Security numbers removed from them, and anyone who believes his records contain Social Security numbers is free to request that it be removed, McNiff said.

In addition, the state hopes to have software in place "within a week or so" to inspect the documents and "render unreadable" any personal data they might contain, McNiff said.

Read more about privacy in Computerworld's Privacy Knowledge Center.