While it is disturbing that Google doesn't respond faster to requests to clear Personally Identifiable Information from its cache... Johnston county did leave the information languishing on the Internet for six weeks. And, how did this information make it to the web anyhow?
The News and Observer Article states that Bi-Tek creates a file that is posted to the Johnston county website and this file is supposed to contain only names, addresses, and non-private account numbers. Bi-Tek made a mistake that instead posted private data to the Internet.
Earlier this year the VA had its own incident where it potentially exposed the personal information of millions of veterans. Proving that large and small organisations alike have to fight employee ignorance, malice, and indifference regarding sensitive data. The questions that the press should really be asking might be:
- What is going to happen to Bi-Tek for this mistake?
- What are they going to do at Johnston County to make sure this never happens again?
- Will Google be motivated to create a special "Oops! I posted my credit card number on a bulletin board!" call center?
- Should software companies that handle sensitive banking, tax, and accounting data have to be certified? And, would an incident like this revoke the license of such a company? Should they ever get it back?
