Josh Sweigart reports:
If a government misplaces a pile of documents containing confidential information in a Dumpster, they don’t have to tell anyone. If they lose a password protected laptop computer, state law requires public disclosure within 45 days.
That is why Butler County wasn’t required to tell the 10,600 people potentially affected by a security breach in 2008 that their records may have been tossed in a public trash bin — where at least one member of the public saw it — according to the Ohio Attorney General’s Office.
[…]
Pari Swift, senior records manager at the Attorney General’s Office, said there is nothing in state law that “specifically governs the disposal of public documents.”
Read more in the Oxford Press.
In a companion piece, Sweigart provided more detail on the 2008 breach in Butler County:
An investigation by this newspaper has found that Butler County’s Department of Job and Family Services learned in 2008 that confidential records from that agency were being “periodically” improperly disposed of in a public bin.
An internal analysis by the agency found that 10,600 people could have been affected.
This is the number of people who used the JFS office at 4122 Tonya Trail in Fairfield Twp., where the documents originated. They included case notes and verification forms dealing with the Ohio Works First, food stamps, Medicaid and child care programs.