Data exposure: Counties across the U.S. posting sensitive info online

Computerworld - Broward County, Fla., Maricopa County, Ariz., Fort Bend County, Texas. Three counties separated by hundreds of miles with something in common: They’re among potentially hundreds of counties in several states that in recent years have made Social Security numbers, driver's license information, bank account numbers and a variety of other personally sensitive data belonging to residents available to anyone in the world with Internet access.

The exposure follows the failure to redact sensitive information from land records and other public documents posted on the Internet and makes county Web sites a veritable treasure trove of information for identity thieves and other criminals, according to a number of privacy advocates.

“These sites are just spoon-feeding criminals the information they need,” said B.J. Ostergren, a privacy advocate based in Richmond, Va. “But no one appears to be seeing it and nobody’s changing the laws,” she said.

Among the pieces of personally identifiable information from county Web sites made available to Computerworld by Ostergren and other privacy advocates were: Rep. Tom Delay’s Social Security number on a tax lien document; the Social Security numbers for Florida Gov. Jeb Bush and his wife on a quit claim deed from 1999; driver’s license numbers, addresses, vehicle registration information, height and race of individuals arrested for traffic violations; names and dates of birth of minors from final divorce decrees and family court documents; and even complete copies of death certificates with Social Security numbers, dates of birth and cause of death. (The Social Security numbers for Bush and his wife have been redacted and are no longer available online.)

“All of this information is available to anyone sitting in a cafe in Nigeria or anywhere else in the world,” said David Bloys, a retired private investigator who publishes a newsletter called "News for Public Officials" in Shallowater, Texas. “It’s a real security threat.”

Those concerns follow news that personally identifiable information belonging to an unknown number of current and former residents of Florida are available online because sensitive information has not been removed from public records posted on county Web sites in that state.

It’s unclear exactly how many of the 3,600 county governments in the United States do the same thing, said Mark Monacelli, president of the Property Records Industry Association, a Durham, N.C.-based industry group set up to facilitate the recording of, and access to, public property information.

But it’s safe to assume that many of them are posting sensitive data online, based on the trend by local governments to provide Web-based access to public records, said Darity Wesley, CEO of Privacy Solutions, a privacy consultancy for the real estate industry based in San Diego. “I think a lot of [county] recorders have been putting [images of] public land records on the Internet without any concern about who has access to it,” Wesley said.