Latest Post | Last 10 Posts | Archives
Previous Post: We’re still waiting, Mr. Speaker
Next Post: *** UPDATED x1 *** Old habits die hard at the Illinois State Fair
Posted in:
* Anybody this careless with sensitive private data shouldn’t be handling that data…
A state employee at the Department of Innovation and Technology — the agency tasked with securing state data — inadvertently published the names, gender, birthdates, and social security numbers of some watercraft owners to the internet, an agency spokesperson confirmed on Monday.
The Department of Natural Resources collects registration information from people who own boats, jet skis, and other watercraft to provide licenses. State law requires new watercraft license applicants to submit their social security number so the state can ensure they are in compliance with any outstanding child support obligations. DoIT, the state’s IT department, manages and maintains their database.
The data was published to the Illinois Open Data Portal, which is open to the public, between April 4th and April 8th and again from April 29th through May 1st, 2019. It has since been removed, and the agency has changed its policies to prevent it from happening again.
“The State has reviewed its policies, procedures and requirements on how data is published to the Open Data Portal and taken corrective action,” DoIT spokeswoman Jennifer Schultz said in an email. “The State immediately stopped posting information to the Open Data Portal that requires a manual extraction to ensure that human error does not occur.”
* Related…
* Following Critical Audit, New Illinois CIO Talks Improvement: “Our ultimate goal by the tail end of this is that we’ll lessen our dependency on the supplier community and we can be self-sustaining and we leverage the suppliers where we need them for scale, but our ultimate goal is this is our DNA and we should run and maintain it ourselves where applicable,” Guerrier said.
posted by Rich Miller
Monday, Aug 12, 19 @ 9:21 am
Sorry, comments are closed at this time.
Previous Post: We’re still waiting, Mr. Speaker
Next Post: *** UPDATED x1 *** Old habits die hard at the Illinois State Fair
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
And IDNR is also more than a year behind on sending out stickers for some boat owners. I don’t know how a DNR officer can write ticket for an expired sticker when their department is so far behind.
Comment by Downstate Monday, Aug 12, 19 @ 9:25 am
Will Edelman law firm lobby for a private right of action in these instances?
Comment by Barry Stir Monday, Aug 12, 19 @ 9:26 am
I would be curious what the catch/deny rate is on these checks for various non-professional licenses with the ‘deadbeat list’. Considering the risks of revealing the information if it is worth it at this point.
Then again, it would seem that some sort of one-way hash on SSN wouldn’t be that hard to do either so at least if the information is released it is in a hashed format so it is a bit harder to use.
Comment by OneMan Monday, Aug 12, 19 @ 9:26 am
Oops I did it again.
https://tenor.com/view/oops-did-it-again-gif-6182978
Comment by Anyone Remember Monday, Aug 12, 19 @ 9:38 am
Maybe DuhIT?
=== to ensure that human error does not occur ===
That’s. Not. Possible.
You can put safeguards in place to reduce the likelihood of human error, but the more your system relies on software, the greater the likelihood of calamity that goes undetected or unchallenged.
I mean: look at all the people kicked off Medicaid and the colossal failure of DCFs’ child abuse prediction software.
Comment by Thomas Paine Monday, Aug 12, 19 @ 9:41 am
Bruce Rauner-Illinois’ own Herbert Hoover.
And much like that administration, it will be decades correcting the damage.
Comment by efudd Monday, Aug 12, 19 @ 9:44 am
What will the State be liable for if that information was used for identity theft?
Comment by FormerParatrooper Monday, Aug 12, 19 @ 9:49 am
Did they also publish their Yacht Rock playlists?
Comment by City Zen Monday, Aug 12, 19 @ 10:04 am
For nearly a decade the ‘true believers’ in the various Governors’ offices IT units have been evangelists for ‘data liberation’, ‘free the data’, ‘data to the people’. Transparency is good, but when you put the ‘post’ authority in the hands of zealots instead of the Agency people who understand the privacy concerns surrounding their data, you have errors like this. It won’t end unless/until you take the final authority out of the hands of the person who is evaluated on the quantity of data posted.
Comment by Rasselas Monday, Aug 12, 19 @ 11:10 am
How long does Doit get to screw up agency data before the governor realizes there are a bunch of incompetent hacks? Look what they did to the tollway and the Medicaid rolls
Comment by Peorgie tirebiter Monday, Aug 12, 19 @ 11:49 am
“there are a bunch of incompetent hacks?” Well, not *all* of them…
Comment by Skeptic Monday, Aug 12, 19 @ 12:06 pm
Rauner
Comment by Dotnonymous Monday, Aug 12, 19 @ 1:27 pm
Nearly a quarter of the way into the 21st Century and DNR says you need a SSN to register a boat?
Really?
Comment by Commonsense in Illinois Monday, Aug 12, 19 @ 2:00 pm
== “there are a bunch of incompetent hacks?” ==
Time to undo IT.
Comment by RNUG Monday, Aug 12, 19 @ 3:23 pm
== Nearly a quarter of the way into the 21st Century and DNR says you need a SSN to register a boat? ==
Yes or a fishing license and I suspect a hunting license, so they can check to see if you owe child support.
Comment by OneMan Monday, Aug 12, 19 @ 3:40 pm
==DNR says you need a SSN to register a boat==
I suspect it’s used to see if you are delinquent on any state debt. A lot of times you can’t get a state license for something if you are delinquent on state debt.
Comment by Demoralized Monday, Aug 12, 19 @ 3:40 pm