Georgia on the mind of three million after CD loss

One more reason to fear data handlers

By Dan Goodin in San Francisco • Get more from this author

Posted in ID, 11th April 2007 00:11 GMT

Free whitepaper – Certify your software integrity with Thawte code signing certificates

Sensitive personal information on 2.9 million Georgia residents is at risk after a company lost a CD that contained the details.

It is at least the third such blunder in less than a week and raises serious doubts about the measures private companies and public officials take to safeguard individuals from identity theft.

The CD lost by Affiliated Computer Systems (ACS), which was hired to handle the information, contained full names, addresses, birth dates, social security numbers and member identification for recipients of Medicaid and other medical programs, according to an advisory (PDF) from the Georgia Department of Community Health (DCH). The department said it has called on ACS to notify all those affected and assist them in monitoring their credit reports.

But the DCH's assurances amount to little more than chasing the stallion after it's bolted the barn. And it begs the question why it hadn't taken steps to ensure the information was encrypted in the first place.

The same goes for administrators at the Chicago Public Schools (CPS), which didn't take similar common-sense precautions with a laptop containing the names and social security numbers of 40,000 teachers. (The notebook was swiped from the CPS's headquarters on Friday.) Or for that matter, why officials at the University of California, San Francisco, didn't do more to protect 46,000 people whose personal information may may have been stolen last week.

Those concerned about the DCH goof can ask questions by calling +1-866-213-3969. ®

Free whitepaper – The shortcut guide to managing certificate lifecycles