2006-11-30

Bi-Tek

Johnston County in North Carolina has gotten a temporary court order to get Google to remove a page from cache. The page contained the personal information of county residents including social security numbers and cell phone numbers. The news has focused the fact that Google did not respond instantaneously causing Johnston County to seek a court order from an NC judge and not the fact that one of the county's contractors was negligent in its handling of sensitive data.

While it is disturbing that Google doesn't respond faster to requests to clear Personally Identifiable Information from its cache... Johnston county did leave the information languishing on the Internet for six weeks. And, how did this information make it to the web anyhow?

The News and Observer Article states that Bi-Tek creates a file that is posted to the Johnston county website and this file is supposed to contain only names, addresses, and non-private account numbers. Bi-Tek made a mistake that instead posted private data to the Internet.

Earlier this year the VA had its own incident where it potentially exposed the personal information of millions of veterans. Proving that large and small organisations alike have to fight employee ignorance, malice, and indifference regarding sensitive data. The questions that the press should really be asking might be:
  1. What is going to happen to Bi-Tek for this mistake?
  2. What are they going to do at Johnston County to make sure this never happens again?
  3. Will Google be motivated to create a special "Oops! I posted my credit card number on a bulletin board!" call center?
  4. Should software companies that handle sensitive banking, tax, and accounting data have to be certified? And, would an incident like this revoke the license of such a company? Should they ever get it back?
If you pay taxes in Johnston County, North Carolina you should be concerned about the security of your tax information and you should be asking questions about Bi-Tek, Johnston County's website, and what they are doing to safe guard your personal information that they have stewardship over.

No comments: