What data protection?

6/28/2007

GOV. Ted Strickland must be wondering why the state's inability to secure personal data of state employees and insurance claimants has become such a wreck on the information technology superhighway.

Twice in the last several weeks, such data on a storage device and a laptop have been stolen in inexcusable security lapses. They are clear evidence that in Ohio, as technology has advanced, making the storage and transport of information simpler, the guidelines and security protocols for safeguarding that information have lagged dangerously far behind.

Everyone who owns a home computer understands the dangers of worms and viruses, of attempts to steal personal information. Reasonable care is taken to safeguard those data, to secure such things as Social Security numbers.

But thanks to outdated guidelines and a cavalier attitude toward protecting such sensitive information, a data storage device was stolen from the car of an intern working on part of the Ohio Administrative Knowledge System, and a laptop was taken from the home of an employee of the Bureau of Workers' Compensation.

Mr. Strickland has moved with commendable dispatch to stop the idiotic practice of having data taken home as a security measure, and has offered identity theft monitoring to Ohioans whose personal information was hijacked. Ohioans whose data were on the BWC laptop will be offered similar assistance.

But those actions are akin to doing a great job in closing the barn door after the horse already has bolted. The key now is a state government-wide evaluation of computer security protocols and practices, and a code of conduct for the safeguarding of any computers containing sensitive data that are removed by employees or officials from government offices.

A spokesman for the governor says such security measures are the administration's goal. It should be a goal it attains in a hurry, because Ohioans today have little reason to be confident that the sensitive personal information they are required to provide the state, either as insurance claimants or employees, will be guarded with even the same level of care as home checking accounts.

Incredibly, the governor wasn't informed of the stolen BWC laptop until days after he gave a press conference on the theft of the data storage device from the intern's car - even though the BWC theft had occurred two weeks earlier.

Such a lackadaisical approach, no doubt a holdover from the Taft days, has no place in state government. An agency with as many problems as the BWC has had in recent years - one word: Coingate - doesn't need this new headache.

Protecting personal data should be a priority of the Strickland administration, in the Bureau of Workers' Compensation and throughout the state government bureaucracy.