back to article Anyone seen my DVD? Ohio loses disc holding 50,000 citizens' records

Ohio's Regional Income Tax Agency (RITA) slipped out a quiet end-of-year confession that it has lost a backup DVD with information and documents on 50,000 individuals. The loss was discovered on November 10, 2015, but only made public on December 31. RITA's statement says the agency was preparing a bunch of backup DVDs for …

  1. Marketing Hack Silver badge
    FAIL

    "...affected will be offered a year of free credit monitoring..."

    Oh, that makes it all better then! And after the year is over, and the affected taxpayers have their tax returns, Social Security numbers and investment, mortgage and interest bearing bank account numbers still out there, I am sure that things will be just fine. (/sarcasm off)

    Maybe we will be lucky and whoever finds the DVD chucks it in the garbage.

    1. Prst. V.Jeltz Silver badge
      Headmaster

      Re: "...affected will be offered a year of free credit monitoring..."

      (/sarcasm off)

      double negative!

  2. This post has been deleted by its author

    1. Pascal Monett Silver badge

      The fact that they only noticed the loss when preparing the backups for destruction is more worrying : it means that the disc has been AWOL for quite a while in that "secure" facility.

      Something needs to be done about the procedures for storing data. From RITA's declaration, it is impossible to know whether the DVD ever got to the storage facility in the first place, or whether it went AWOL on-site. Why is that data not available ? A proper paper trail should allow discovery if the disc ever got there, at the condition that somebody on-site actually eyeballed all containers to ensure proper sign-in of data. I would think that a "secure" storage facility would do that par for the course.

      RITA's declaration stipulates that "From our investigation, we believe the DVD was most likely destroyed in accordance with our usual process for unlabeled DVDs". That means that data written to a DVD made for backup purposes went into storage unlabelled ? How can backup procedures function properly if they send unlabelled DVDs into storage, and why didn't the "secure" storage vendor not raise a flag on that point ? Or maybe a flag was raised, which allows them to make that declaration, but then why is the issue coming up now ?

      There is something of a mess in the data storage procedures in Ohio.

      1. graeme leggett

        Unlabelled disc destruction policy might be - if you find an unlabelled disc, don't put it in a drive but shred it unseen.

        Bit awkward if you've left your desk to get a new CD pen from stationery.

        1. Smooth Newt

          Unlabelled disc destruction policy might be - if you find an unlabelled disc, don't put it in a drive but shred it unseen.

          I think that would escalate a mistake into a calamity, since it would convert an unlabelled disk into a "lost disk", resulting in El Reg articles and worse.

      2. NotBob

        A proper paper trail should allow discovery if the disc ever got there...

        We used to have those, but we went paperless. Somewhere there's a disk with all the logs. Not sure where I put it, though...

    2. John Arthur
      Stop

      Shirely if one was going to nick a disc load of data you would just make a copy and put the original back? Or is that too simple?

      1. BobRocket

        If you put the disk back then the loss will never be discovered and the credit agency won't get paid to monitor another sack full of 'willing' user information.

        (data that may/will be shared with associated companies to sell you more stuff)

  3. skeptical i

    I went back to Ohio

    and my data was gone.

    DVDs disappeared,

    There were none to be found.

    (Apologies to Chrissie Hynde.)

    1. pmartin66

      Re: I went back to Ohio

      I love Chrissie and the band. This article made me think of Neil Young's Ohio.... LOL

      https://www.youtube.com/watch?v=MN_9VqfVQ9c

  4. D Moss Esq

    For "Ohio 2015", read "Iowa 2007"

    Ann Treneman's parliamentary sketch in the Times, 18 December 2007, This is shaping up to be Gordon Brown’s Winter of Disc Content:

    The details of three million learner drivers in Britain have gone missing from a facility in Iowa City, Iowa.

    ... surely, nobody who lives in Britain should have to have their driving licence details stored there. (Or not, as the case now is.)

    If we have to have globalisation, the details should be stored somewhere more glamorous than Iowa, which is famous for its early presidential primary and its giant pigs. I am sure that none of the three million Brits ever thought that they would be stored on a hard disc in Iowa City ...

    Only the Government could lose three million learner drivers in a place where they cannot drive anyway but if they could they would be on the wrong side of the road.

    ... a “hard disc drive” had gone missing from a “secure” facility.

    Why did she [Ruth Kelly, Transport Secretary at the time] call the facility “secure”? This is, by definition, an insecure facility. The whole thing was proof, if more were needed, that this Government has L-plates. I am not sure that it should even be driving, much less be allowed on what used to be called, rather quaintly, the information superhighway.

  5. a_yank_lurker Silver badge
    Pint

    Tax Reform?

    With the amount of personal information required to file income taxes and given the incompetency of various governments at protecting personal information it seems more reasonable to ditch income taxes as a security risk and consider other tax options. Sales taxes and VAT are not tracked to the individual particularly if one pays cash. Various excise and sin taxes are the same way.

    1. Rich 11 Silver badge

      Re: Tax Reform?

      Are you a libertarian, by any chance? One of those people who only wants to see taxes on consumption and not on income, whether earned or not. One of those people who wants the poor to pay the same as the rich, thus making the poor poorer and the rich richer while proclaiming that society is fairer and everyone has equality of opportunity...

      1. Anonymous Coward
        Anonymous Coward

        Re: Tax Reform?

        There's something to be said through selective (ie zero-rating essentials) use of VAT to raise revenue.

        Still not entirely equitable, but one approach, and many nations seem to survive with VAT.

      2. Kumar2012

        Re: Tax Reform?

        Taxes on consumption would be the fairest way to tax, sick and tired of 'poor' people buying $200 sneakers and flat screen TVs with other people's money (i.e. government handouts). In a purely consumption based tax system, if the 'poor' wanted to splurge then they will pay for it like everyone else.

  6. Steve Evans

    Of course...

    As this isn't the 90s any more, and nobody without a clue is left in charge of sensitive data, the data was encrypted... wasn't it?

    (Need an icon for not holding breath).

    1. Anonymous Coward
      Anonymous Coward

      Re: Of course...

      ...encrypted you say, hmmmm, I'll take a look for the lost DVD down by the cemetery then...

  7. Anonymous Coward
    Anonymous Coward

    Check the CEO's office

    He's probably using the DVD as a fancy coffee coaster.

  8. Captain Badmouth
    Devil

    The backups had been stored off-site at a "third-rate vendor's secure facility.

    More truthful.

    1. boltar Silver badge

      "More truthful."

      You forgot CHEAP third rate vendor. Because we all know the only thing that matters is cost and politicians having someone to point an accusing finger at when things go wrong.

  9. Anonymous South African Coward Silver badge

    "oops, shredded the wrong disk"

    "shut yer gob and keep yer head low"

  10. Peter Simpson 1
    Thumb Up

    Most probable explanation

    Disc was left in someone's drive. Drive (and attached computer) then sent to recycling facility.

  11. earl grey Silver badge
    Flame

    RITA are shite anyway

    And heaven help you if you run afoul of them. they won't hesitate to roast your nuts over an open fire.

    this fire is for them.

  12. Stevie Silver badge

    Bah!

    In other news, Congress still being thick over issue of "back doored" security, insisting that "only the government will have access to the keys".

    With middle initial. On ten speed derailleur-equipped tourer.

  13. wolfetone Silver badge

    A ringing endorsement for CD/DVD cases everywhere...

    "Your data remains safe inside this plastic book-like case, but if the disc was ever to leave the confinement of that safe haven then you're going to have a bad time."

  14. Cincinnataroo

    Doesn't this make you wish the government held absolutely all your data?

  15. jukejoint

    I worked managing records security for law enforcement. The records in question are commonly referred to as "evidence" which means there is to be an unbroken traceable chain of its storage complete with signatures, etc., comporting with the law.

    Our accounting manager, who oversaw IT, wanted to give his IT employees more office space. He wished to eliminate our office space (we could do our jobs "anywhere") as half of the second floor and the entire first floor wasn't enough space.

    Many records had a window of expiration; some did not and were to be preserved until the cows all came home after Armageddon. He made plans to move the records into the janitors' closet in the hallway, with its secure 'locked door' opening onto the hallway by the entrance to the restrooms. The records' closet, however, was behind its own locked door inside a locked office with access granted to 3 people. Exits and entries were also recorded electronically.

    His plan to move the records into the janitors' closet came to naught when it was pointed out to him, via the building's blueprints, that the record closet in the record office was especially constructed so as to make it fire- and disaster-proof (i.e., encased in heavy metal behind the walls, ceilings, and floor). The janitor's closet, was not, although it had the advantage of being much smaller!

    Long story to say: preservation of critical records was maintained. I, however, was reassigned. (Not to the hallway closet, thankfully.) I then realized that taking security seriously was something that only pesky troublemakers did.

    I know Ohio. I have my suspicions that the secure facility was whatever the last beancounter said it was. Perhaps something along the lines of "U-STOR-IT" with easy freeway access.

  16. MachDiamond Silver badge

    Laptops are bad for government employees

    "Losing" the back up disc sounds as fishy as the US IRS chief "losing" copies of emails due to a hard drive failure. I back up to 2 sets of HD's and have never lost any of them.

    I always wonder why government records are allowed to be transferred to a laptop and removed from the offices. The government workers I have to deal with from time to time are hostile and lazy. I just don't see them taking work home, nor should it be allowed. A car window can be smashed and anything in plain view taken in seconds. It happens to often to be surprising.

    Sensitive data must be handled securely or the agency/company shouldn't be allowed to keep it. A year's worth of credit monitoring is useless. Once somebody has your particulars, you're sunk forever. Maybe agencies that fumble the ball should be on the hook for providing credit monitoring to all affected for life.

  17. allthecoolshortnamesweretaken Silver badge

    Who do they think they are? The MoD?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019