Update: Fla. residents’ data exposure a statewide issue
Social Security numbers, bank info is available via county Web sites

News Story by Jaikumar Vijayan

APRIL 11, 2006 (COMPUTERWORLD) – The Social Security numbers, driver’s license information and bank account details belonging to potentially millions of current and former residents of Florida are available to anyone on the Internet because sensitive information has not been redacted from public records being posted on county Web sites.Although questions about the availability of personal data online initially focused on Broward County, an official there stressed today that all counties in Florida are subject to the same state law. A spot check of other county Web sites today confirmed that sensitive data is easily available through public property records.

In fact, according to Sue Baldwin, director of the Broward County Records Division, counties across the nation face the same issue.

“Land records are public all over the country. This is not a new situation,” said Baldwin, adding that the same issue affects “all the counties in Florida … [and] lots of states.”

In fact, the Ohio secretary of state is being sued for posting residents’ Social Security numbers for years on state Web sites where publicly searchable records are stored (see “Ohio secretary of state sued over ID info posted online”).

“All this information has been out there and available since the beginning of time,” Baldwin said. “It was out there, and the people who were educated about it knew it was there. It’s been online since 1999.”

She noted that the information on the Web is in full compliance with state statutes that require counties to post public documents on the Internet.

Bruce Hogman, a county resident who raised concerns about the availability of information with the Broward County Records Division about two weeks ago, said it poses a serious risk of identity theft and fraud.

The exposure stems from the county’s failure to redact, or remove, sensitive data from images of public documents such as property records and family court documents, Hogman said. Included in the documents publicly available are dates of birth and Social Security numbers of minors, images of signatures, passport numbers, green-card details and bank account information.

“Here is the latest treasure trove available to identity thieves, and it is free to the public, courtesy of the Florida state legislature in its great Internet savvy,” Hogman said. The easy availability of such sensitive data also poses a security threat at a time of heightened terrorist concerns, he said. […]

Until the county can act, people who want sensitive information removed from an image or a copy of a public record can individually request that in writing, she said. Such a request must specify the identification page number that contains the Social Security number or other sensitive information.The county also created up an e-mail in-box that allows people to file their requests via e-mail. That address is: removepersonalinfo@broward.org.

“We have provided information pertaining to requesting redaction of protected information on our Web site at www.broward.org/records, since 2002,” Baldwin said. Since Hogman expressed his concerns, the county has made the redaction-request information more visible online.

“Aside from making the redaction- request process as user-friendly and speedy as possible, I do not have the independent authority to take any additional action regarding removing material from the public records,” Baldwin said.

She added that the information available on the Web is also freely available for public purchase and inspection at the county offices. “Professional list-making companies have always purchased copies of records and data from recorders to use in the creation of specialized marketing lists, which they sell,” she said. So too have title insurance underwriters and credit-reporting agencies.

Given that public records have been readily available, Baldwin called concerns about posting them online “a tempest in a teapot,” saying “most people’s documents don’t have [sensitive] stuff in them. There are relatively few documents that have that kind of information.”

She also said that residents concerned about personal data that may be online should check to see if information is accessible that should not be and formally request that it be removed.

“People have to assume some responsibility,” Baldwin said. “At least now people can look at this stuff and say, ‘I don’t want people looking at this’ and ask [officials] to take it off. This is a way for citizens to be informed and to manage their documents. They should regard this as an opportunity.”

Hogman, who wants the records taken down until a solution is found, said he has contacted several people — including state legislators, both of the state’s U.S. senators, the FBI and the Federal Trade Commission. So far, he has not heard back from anyone except Baldwin.

“In my estimation, ‘do nothing’ is not a good solution because it leaves the information out there for public viewing ” he said. […]

AND THERE YOU HAVE IT.

Once again, the future of Britian is clear to see from those countries that have rushed headlong into the database abyss. You should not under any circumstances put your data into the NIR. That means, you should not renew your passport if you cannot do so without having your finger prints taken, your eyes scanned and an NIR number issued to you. If you allow this, you WILL become a victim like those poor unfortunate Koreans and the unwitting americans who are being bought and sold like cows.

This entry was posted on Tuesday, April 11th, 2006 at 6:50 pm and is filed under NIR.