Associated Press reports:
The Illinois state auditor found significant personal information about consumers filing complaints with the Illinois Commerce Commission published on the agency’s website.
Auditor General William Holland reported Thursday that the public could search the ICC’s “e-Docket” complaint system and find names and addresses, Social Security numbers, driver’s license numbers and even credit history and medical data.
He says the disclosures appeared to violate state law.
Read more on WAND.
From the audit (pdf), which covered the two-year period ending June 30, 2011:
FINDING (Personal Confidential Information Posted on Website)
The Illinois Commerce Commission’s (Commission) practice of posting personal information from consumers on its website led to the exposure of such information.
[…]
We accessed the e-Docket system on the World Wide Web and, through a basic use of the search functions, we identified a significant amount of unprotected personal confidential information. Some examples of what we found included name and address, SSN, driver’s license number, credit history, and medical information.
[…]
After notification of the exposure by the auditors, Commission officials developed a comprehensive action plan to minimize the exposure risk of e-Docket privacy information in October 2011. The plan had the following goals:
- With Balance of Diligence and Effort, Identify and Remove Existing e-Docket Privacy Information (also perform reviews of future consumer filings to prevent posting of private information).
- Make it Difficult to Find Unidentified e-Docket Privacy Information.
- Improve Communication on Privacy Responsibilities (clearly inform utility companies and consumers to remove or obscure personal information from public versions of submissions).
Per Commission officials, implementation of the plan began in October 2011.
Additionally, in November 2011, the Commission notified individuals whose confidential personal information had been posted on the e-Docket system.