COLUMBUS - For the second time in a month state officials yesterday announced that personal information of Ohioans has been endangered by the theft of computerized data from a state employee.
Officials with the Ohio Bureau of Workers' Compensation revealed that a laptop computer stolen from the home of an employee nearly a month ago contained the names, Social Security numbers, and potential medical information of 439 injured workers.
Although publicly revealed yesterday, the theft predated Gov. Ted Strickland's announcement on June 15 that a data storage device was stolen from the car of a 22-year-old state intern on June 10, putting at risk tens of thousands of Ohioans' personal information.
The BWC computer was stolen on May 30, more than two weeks before the bureau began to investigate what information it might have contained.
The review was triggered by the revelation that the state had a much bigger problem with the theft of the backup data storage device containing personal information of what was then believed to be 64,000 state employees.
"I was concerned that there didn't appear to be internal sensitivity around the urgency of what was on that computer," said BWC Director Marsha Ryan, who said she wasn't informed of the theft until June 15.
"It hadn't risen to the level of examining the implications of the loss of that asset, the computer," she said.
"I immediately began to ask questions about the policies, procedures, and what we did in terms of following through when an asset is stolen," she said.
Nine Twitty, an auditor at the bureau who has worked for the state for 27 years, was conducting a review of 24 self-insured employers and was spot-checking past worker accounts. The information was as old as one to two years, said BWC spokesman Keary McCarthy.
He said the bureau is working to find the most recent addresses for these workers and is in the process of contacting them. They will be offered the same identity theft monitoring services that the state has offered to state employees, their dependents, and about 225,000 Ohio taxpayers whose personal information was more recently discovered to be on the state data device stolen from the intern.
Mr. McCarthy said the laptop was the only item of significance taken in the May 30 burglary of the auditor's home.
The theft was reported to Columbus police and to the auditor's supervisor.
Mr. Strickland was told of the BWC laptop problem four days after his June 15 press conference, Mr. McCarthy said.
"That's clearly not up to par, which the governor made expressly clear after learning that the data device [stolen June 10] contained sensitive information," said Strickland spokesman Keith Dailey.
"We need standardized information, technology, and data security protocol," Mr. Dailey said. "The administration's goal is to implement an interagency policy that will aim to prevent the possibility of data theft from occurring in the future."
State employees and an outside computer expert continue to review the twin of the backup data storage device stolen from an intern's car. The intern had been working in an office testing part of the Ohio Administrative Knowledge System, a new $158 million system consolidating the state's payroll, purchasing, and accounting functions.
Unlike the backup storage device, the BWC laptop contained only the information the employee was directly working on at the time. Although password protected, it was not encrypted.
Some of the information contained on the laptop was deemed public information until the passage of recent legislation, Mr. McCarthy noted. Social Security numbers, however, were never considered to be public.
Phil Fulton, a Columbus attorney who specializes in workers' compensation cases, said injured workers have enough to deal with without having to worry about their personal information being compromised.
"I occasionally have a client who feels that once he has submitted a claim, his life is open to the world," he said. "It's not an uncommon concern of injured workers. This could have the effect of people saying, 'I can't file a claim because I'm risking all of my private information being obtained by someone.'•''
Ms. Ryan said there is no evidence that whoever stole the device was interested in the data it contained as opposed to the laptop itself.
"As a public institution, we must be more diligent in protecting the personal information contained on both internal and external digital devices," she said.
Contact Jim Provance at: email@example.com, or 614-221-0496.39.96196 -83.00298