honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Saturday, December 29, 2007

State, county data may put you at ID theft risk

By Greg Wiles
Advertiser Staff Writer

A new report by the Hawai'i Identity Theft Task Force says millions of state and county records contain residents' Social Security numbers or other personal information, and that steps should be taken to limit use and access to the information.

The findings and others are included in a report being given to legislators as the state looks at ways to reduce the potential for identity theft here. A survey of state and county agencies found that 75 use records containing Social Security numbers, and people's entire numbers are available to the public in various documents at four of the agencies.

"It's really interesting how much personal information is in our records," said Honolulu attorney Marvin Dang, who is a member of the task force.

The report is the second by the task force, which has worked to research and propose state laws pertaining to identity theft. Previously, Hawai'i lawmakers have taken steps to require notification of people whose confidential information has been breached, made it a felony to possess someone's confidential information without their authorization, and required businesses and government agencies to take proper measures when disposing of records containing personal data.

The new report also found:

  • Five agencies printed or embedded full Social Security numbers on cards individuals use to get services.

  • 15 agencies said they require people to input their entire Social Security number to access a Web site.

  • 44 agencies said they print entire Social Security numbers when mailing some forms to individuals.

  • 25 said they disclosed Social Security numbers to third parties. Most of these instances involved communications with other agencies.

    The task force made 12 recommendations, including annual agency reports on personal information that's held, who has access and justification for the system.

    "What we found is that the government agencies didn't have a lot of this in place to protect against the dissemination of personal information," Dang said, explaining that different agencies have different policies.

    "No one group or person is taking responsibility for all of this."

    The recommendations also include requiring government agencies to produce a plan to protect and edit personal information in existing records that are made available to the public. Other suggestions would require agency planning to eliminate the unnecessary collection and use of Social Security numbers, while also requiring state and county agencies to assign policy and oversight responsibilities when it comes to protecting the information.

    Among other recommendations are development of state and county guidelines on whether and how to inform people about data breaches in which personal information was lost, as well as making sure government agencies receive guidance on ways to improve security measures.

    Reach Greg Wiles at gwiles@honoluluadvertiser.com.

    Make a difference. Donate to The Advertiser Christmas Fund.