
Sad State Of Data Security

Businesses and government agencies seem inept when it comes to protecting personal information, as the list of mishaps keeps getting longer.

How does this keep happening? Companies have been publicly humiliated, slapped with audits, and threatened with prosecution, but sensitive personal data continues to be compromised. The U.S. Department of Justice is the latest to demonstrate its information-security incompetence. The mistake: exposing Social Security numbers on its Web site.

It's the IT problem that just won't go away. From the time early last year that ChoicePoint Inc. admitted it had been duped into revealing personal data to identity thieves, dozens of other businesses, government agencies, and schools have followed with their own admissions of ineptitude. In most cases, victims can't do much more than keep a watchful eye on their financial statements and credit reports--and hope for the best. Not surprisingly, fraud is on the rise and consumer confidence on the decline.

The Justice Department's blunder came to light when InformationWeek investigated the concerns of Nick Staff, a systems security manager at a large bank, who had grown frustrated when Justice failed to remove several Social Security numbers from its Web site after Staff contacted the agency directly. In one case, the Social Security number of a woman involved in a 2003 immigration-review case was included in documentation about the case. Additional site searches yielded other people's numbers in a half-dozen other places.

It's not clear whether the Justice Department broke any laws or regulations in exposing Social Security numbers. It's bound by the Privacy Act, which sets terms for how federal agencies use and disclose personal information, and by its own privacy policies. The Privacy Act, however, is frustratingly fuzzy and comes with a dozen exceptions.

A spokesman for the Justice Department's Executive Office for Immigration Review acknowledged last week that Social Security numbers shouldn't be available to the public and said the information would be removed from the site. He added that, in the 2003 immigration-review case, the affected person would be notified about what had happened.

But cleaning up is harder than it sounds. A subsequent search of the site showed that the PDF document on the 2003 immigration case had been blocked from public view, but Google and Yahoo searches provided a link to a text version of the blocked PDF, and the Social Security number continued to be visible. The spokesman said his office still was looking into how to have the documents removed from Google's and Yahoo's search caches. The department was unable to provide further information last week, as many employees were out of the office during the holiday week.

Staff came across the Social Security numbers while looking for FBI comments on phishing and notified the Justice Department by E-mail on Nov. 12 that the numbers were displayed on its site. He followed up via E-mail three weeks later and was notified on Dec. 6 by the site's Webmaster that his E-mail had been forwarded to a "responsible component" within the department. Staff contacted InformationWeek almost two weeks later, on Dec. 19, when he saw that the name and number were still on the site. "I would not have gone public with this had the DOJ acted accordingly," he says.
