Angela Delli Santi reports:
Taxpayers’ Social Security numbers, confidential child abuse reports and personnel reviews of New Jersey workers nearly went to the highest bidder after the state sent surplus computers out for auction.
Nearly 80 percent of surplus computers in a comptroller’s office sample had not been scrubbed of data before being shipped to a warehouse, according to an audit released Wednesday.
Read more form the AP in the Orlando Sentinel.
Related:
Office of the Comptroller press release, March 9, 2011 (pdf)
Audit Report (pdf), March 9, 2011 (pdf)
From the report (p. 6):
As part of our audit research process, in January 2010 we obtained six hard drives and one laptop computer from the Warehouse. Despite the State’s degaussing requirements, one of the hard drives contained a list of children placed outside the parental home, and the laptop contained numerous files of a State judge, including:
- the judge’s life insurance trust agreement, his tax returns for three years and a final mortgage payment letter that included the address of the property and the account number;
- two documents with the judge’s Social Security number;
- a “confidential fax” to the New Jersey Lawyers Assistance Program concerning an attorney’s “personal emotional problems”; and
- non-public memoranda by the judge concerning potential impropriety by two lawyers
Note that as I have often pointed out, medical data resides on systems that are not under federal medical privacy laws like HIPAA. In this case, here’s what investigators found on one drive (p.10):
More than 230 files related to State investigative case screenings and reports of child abuse, endangerment and neglect. Many of the reports contained the names and addresses of the children. The files also included a child fatality report, child immunization records and a child health evaluation.
There was a vast amount of personal, sensitive, and confidential information on these computers.
Will any heads over this major security FAIL? If not, why not?