Ohio docks official one week's holiday for data breach Ohio's Department of Administrative Services says it's learned its lesson following the pilfering of a tape that contained personal data belonging to more than 130,000 people. And to prove it the agency is docking a whole week's holiday time from the man who failed to ensure the security of the information. Jerry Miller, a …
An email I just fired off to the Governor of the State of Ohio:
The rather less than serious effort the state has made in protecting our personal information.
According to this source, the gentleman who did not follow proper security & privacy guide lines got docked only a weeks pay for his part in the loss of 100,000 + peoples personal information.
Bravo! Had this happened in the private sector, not only would the indivdual be behind bars, but the civil liability would be enormous. I'm so very happy you idiots take the privacy of the citizens of this state so damn seriously. If little "mistakes" like this happen in the real world, how can one seriously argue that a government entity do better?
Don't slam the guy who gets docked a week because of this. We don't know if he is just the token offered up as a pitifully small sacrifice. If the state didn't allocate enough resources you can't blame someone who just is not up to the task... That's like blaming one wimpy firefighter for not being able to put out a forest fire by them self.
I don't know if ONLY one person is to blame, but the state has one thing right - They did not allocate the right resources for the job.
"The loss of the tape, which contained social security numbers and other sensitive information, is expected to cost the state about $3m."
Wow, that's one expensive tape! Was it custom-made?
Assuming full disclosure is required for those people affected, here is a VERY generous estimate. Cost of tape: $100 (estimate). Cost of time to look up individuals' information, create a mail merge, create a generic "Oops! We lost your info, sorry." letter, and merge to create letters to send to the people: $500 (5 hours * $100/hr). Cost in labor to print those letters: $21,700 (10ppm [217 hours] * $100/hr). Cost of paper and ink to print those letters: $9,100 (7 cents * 130,000 letters). Cost in labor to stuff and seal envelopes: $36,112 (10 seconds per envelope * 130,000 letters * $100/hr). Cost to mail letters: $53,300 (41 cents * 130,000 letters). OK, so totaled up, that's $120,812.
Can someone point to where the other $2,879,188 comes from? Or are they using the usual government format of "Well, it cost us $x to redesign the system properly and implement it the way it should have been." in coming up with that estimate? It was a lost tape. It's not like someone hacked into the system (where I can possibly understand large costs of having to inspect the system in minute detail to make sure it's safe again).
Common Chris don't be as slow as the guy that lost the tape!
One would assume that the bulk of the $3m would be spent on arranging credit protection facilities for those that have had their details compromised rather than just sending them a letter informing them of the incident.
Certainly I've seen other large organisations offer this service for 12-24 months after the disclosure to those affected, its the least they can do.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
