Update: Fla. residents' data exposure a statewide issue

Computerworld - The Social Security numbers, driver's license information and bank account details belonging to potentially millions of current and former residents of Florida are available to anyone on the Internet because sensitive information has not been redacted from public records being posted on county Web sites.

Although questions about the availability of personal data online initially focused on Broward County, an official there stressed today that all counties in Florida are subject to the same state law. A spot check of other county Web sites today confirmed that sensitive data is easily available through public property records.

In fact, according to Sue Baldwin, director of the Broward County Records Division, counties across the nation face the same issue.

"Land records are public all over the country. This is not a new situation," said Baldwin, adding that the same issue affects "all the counties in Florida ... [and] lots of states."

In fact, the Ohio secretary of state is being sued for posting residents’ Social Security numbers for years on state Web sites where publicly searchable records are stored (see "Ohio secretary of state sued over ID info posted online").

"All this information has been out there and available since the beginning of time," Baldwin said. "It was out there, and the people who were educated about it knew it was there. It's been online since 1999."

She noted that the information on the Web is in full compliance with state statutes that require counties to post public documents on the Internet.

Bruce Hogman, a county resident who raised concerns about the availability of information with the Broward County Records Division about two weeks ago, said it poses a serious risk of identity theft and fraud.

The exposure stems from the county’s failure to redact, or remove, sensitive data from images of public documents such as property records and family court documents, Hogman said. Included in the documents publicly available are dates of birth and Social Security numbers of minors, images of signatures, passport numbers, green-card details and bank account information.

“Here is the latest treasure trove available to identity thieves, and it is free to the public, courtesy of the Florida state legislature in its great Internet savvy,” Hogman said. The easy availability of such sensitive data also poses a security threat at a time of heightened terrorist concerns, he said.

Baldwin said the county is aware of Hogman’s concerns but said state laws require all state recorders to maintain a Web site for official records. To meet those statutory requirements, the public records search section of www.broward.org contains images of public records dating to 1978, many of which are likely to contain sensitive information such as Social Security numbers, she said.