The Baltimore Sun reports on privacy breaches at government agencies and what the departments need to do to better protect individuals’ personal data:
A state employee posted the Social Security numbers of nearly 3,000 Maryland residents online for weeks, a security breach that experts say raises questions about the way the government guards personal data and whether it needs it in the first place.
The information was collected by an employee of the state Department of Human Resources, which handles welfare benefits for needy families. The worker, who posted the information on a private website, has been suspended. State officials are notifying those whose information was available.
The watchdog who uncovered the breach said the episode illustrates how Maryland’s government and others need to restrict access to data and better protect it.
“The goal should be to create a culture where everyone knows they’ll be held responsible for dealing with this very precious asset called personal information,” said Aaron Titus, privacy director of the nonprofit Liberty Coalition, which works to maintain online privacy. […]
The department handles thousands of applications a month for government services that include food stamps and emergency medical benefits, and processes the benefits using data such as Social Security numbers. […]
[A spokeswoman for the Maryland Department of Human Resources] stressed that the breach was caused by a staff member acting against protocol and said employees are given the minimum access necessary to perform their jobs and that access is monitored and periodically reviewed. […]
State officials said they do not know whether any of the information has been used fraudulently.