Warning this article may contain opinions of the author that you and iTWire don't necessarily agree with. Don't let them get away with it - have your say with a comment!

No. 1 Story

HP job cuts loom for Australian employees

A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.

read more

Popular Threads

Ohio data protection policy an accident waiting to happen

Stan Beer
Thursday, 21 June 2007 19:53

Opinion and Analysis

View Comments
Imagine a state government agency entrusting highly personal details of more than 300,000 citizens to the safe-keeping of a 22 year old employee in training and asking that inexperienced young worker to take the sensitive data out of the office and keep it at his house overnight. It's hard to believe that such a thing could happen. But happen it did, as did the dire consequences such a foolish action invited.

The theft of the storage device containing information, such as names and social security numbers of 225,000 Ohio citizens who hadn't cashed tax refund cheques and payroll information of 64,000 Ohio state employees, from a government intern's unlocked car has made national news in the US.

The circumstances surrounding the theft could almost be considered an invitation for a security breach to occur.

Incredibly, however, consigning the back-up storage device to the custody of a final year college student to take home was considered to be a security precaution. It's doubtful that the people whose personal records are stored on the stolen device would be feeling very secure right now, knowing that their  unencrypted private information is exposed to prying eyes.

The Ohio Government is naturally in damage control, claiming that the data is safe because it needs knowledge and technology to access it. Such things are not in short supply in the US, whatever the state, making the claim therefore seem nonsensical.

The wash-up is that the Ohio Government will have to hand over several million to pay for identity theft protection for the hundreds of thousands of citizens whose security has been compromised. It is only now that the state will review its security procedures.

The frightening thing is that if such poor security procedures were in place within a US state government, then there is a chance that some other state governments may also have inadequate data protection systems. Perhaps the same thing holds true for governments holding data on citizens in countries like Canada, Britain and Australia.

It is to be hoped that the Ohio data security incident is a one-off. If it isn't, then perhaps other governments should take note and review their data protection procedures. There have been far too many accidents and thefts concerning the personal data of unsuspecting people in recent months and years. It comes as a rude awakening that it isn't only corporations that lose data off the back of a truck.

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases