Dr. Joe Campana a privacy and information security expert and author of a book on privacy and information security, Privacy MakeOver: The Essential Guide to Best Practices , recently produced a short video for National Data Privacy Day 2009, "Stealing Social Security Numbers on the Web" , which demonstrates how easy it is to access Social Security Numbers on government Web sites. Campana produced and published the video to bring this common risk to the attention of consumers.
Campana said, "What I didn't realize, when I produced the video last month, was that the County I reside in allows access to taxpayer Social Security Numbers through Web access to land and other legal records." He said, "you don't even have to go to the County Clerk's Office to get them, the county is selling Social Security Numbers through the web for $5.95.
Dr. Campana said he accessed the records through the Dane County, Wisconsin Web site. The county provides online access through Tapestry, a third party system operated by Fidlar Technologies (Rock Island, IL) that maintains the records. Web access to records on Tapestry is available for 17 counties in Wisconsin and nearly 100 counties nationwide in nine states.
The video Campana produced last month highlighted a County in Oklahoma whose database is maintained by Landaccess.com operated by ACS Government Land Records, which provides services to about 50 counties in several states. Access to that county's records is free.
Campana said, "These data management companies ought to be taking a responsible role in managing consumer records. They should be advising their clients, local government, that today they shouldn't allow Social Security Numbers and other sensitive information to be visible for crooks to cherry pick!"
Campana notes, "Social Security Numbers can be used to perpetrate a wide variety of identity theft crimes including medical identity theft; committing crimes under the identity of an innocent person; obtaining false government identification such as driver's licenses and passports that can be used for nefarious purposes such as eluding law enforcement and acts of terrorism; and for various types of fraud--financial, account, employment, Social Security, tax, and insurance"
Campana says that Wisconsin's Breach Notification Law (895.507) specifically requires any organization including local government to notify consumers when their personal information is disclosed if the information is not publicly available and is not encrypted, redacted or rendered unreadable.
The business sector loses a trillion dollars a year on lost, stolen and improperly accessed intellectual property including consumer and employee data. The Private Sector passes those costs onto consumers. Consumers who are victimized by various identity crimes bear an individual financial, time and emotional cost, which can be substantial. According to Campana, it is becoming common for consumers to retaliate against businesses that do not protect their information by doing business elsewhere, filing complaints with authorities or initiating lawsuits.
"In the government sector, these data losses are not valued as in the private sector, and constituents may feel helpless--there is no one to complain to. Taxpayers just bear the expenses and the burden of identity theft," said Campana.
Next week, Campana is due to release a comprehensive analysis and report of over 1,100 data breaches reported by all sectors--private, public and volunteer during the four-year period 2005-2008.
Dr. Campana said, "in my analysis I determined that a prevalent method of data breaches by City and County Governments is through Web access to unprotected databases. In the four-year period, 37 counties nationwide reported data breaches of various types and 27% were by Web access. Today, I just identified about 100 more counties that should have been on that data breach list, including Dane County, Wisconsin."
J. Campana and Associates llc provides identity theft, privacy and information security solutions including education, training, compliance and advisory services tailored for small and medium sized enterprises including businesses, local government, schools and not-for-profit organizations. |
