The OpSec Blog

Security and privacy information and advice at home and abroad.

Oops! New Jersey Almost Sells Off Personal Data

leave a comment »

The New York Times broke a story this week entitled, “New Jersey Nearly Sold Secret Data.”  While it’s a bit of a mislabel- Social Security numbers are not “Secret” in the National Security Classification system- they belong to a rapidly developing set of identifiers known as Personally Identifying Information (PII).

New Jersey’s PII almost-breach is sadly not uncommon.  While the State Department and “other” agencies have strict rules regarding the disposal of electronic media, many other non-National Security critical domestic agencies and state governments do not.  By not taking adequate measures to ensure that people’s data is erased off of hard drives being sold as excess, these organizations are doing their customers- you, the taxpayer, a great disservice.

The security of PII overseas takes on new importance.  In addition to the PII of our employees serving abroad, embassies and consulates obtain PII on foreign nationals working in our facilities as well as visa applicants attempting to gain entry to the United States.  In certain countries this could be of great interest to the host government looking to keep a suspicious eye on its citizens.

So, what can you do?  Domestically you can’t really avoid giving your information to the government entities that request it, although you can ask if it’s really necessary to give out your SSN over the phone in the middle of your office cube farm (use of SSNs as a security question is an awful practice).  What you can do is support legislation that mandates industry-standard encryption of PII, safe handling of PII, and thorough media sanitation for devices that store and process PII when they are being end-of-lifed.  Write to your state legislator(s).  Write to your local government as well.  PII is something we all have a stake in, and it’s time that governments start recognizing it.

Advertisements

Written by OSB

13/03/2011 at 10:57

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: