How Secure is Your Data in the Cloud?

New Jersey Nearly Sold Secret Data
By RICHARD PÉREZ-PEÑA
Published: March 9, 2011

Files on abused children. Employee evaluations. Tax returns. A list of computer passwords. Names, addresses, birth dates and other information on hundreds of foster children and abused children. And, of course, Social Security numbers.

The information could hardly have been more sensitive — the raw material of identity theft and invasion of privacy — yet the State of New Jersey was about to turn it over to the highest bidder, the state comptroller, Matthew A. Boxer, reported on Wednesday. After the comptroller’s personnel reviewed computer equipment that the state was preparing to auction to the public last year, they found that 46 out of 58 hard drives, or 79 percent, still had data on them, much of it confidential.

Mr. Boxer’s investigation stopped that sale, but it points to the near-certainty that the state had already inadvertently released privileged information on thousands of people. The state sells or gives away hundreds of computers annually at several auctions, and Mr. Boxer said that as far as he knew, no outside outfit had looked into the handling of the equipment before his personnel did.

“What happened before our auditors got there is obviously an issue of concern,” he said. “The risk here is enormous.”

His report said that one outfit had a device that magnetically erased computer drives, but that employees did not like to use it because it was noisy. “I find that offensive,” Mr. Boxer said.

Informed of the security breach, the State Treasury Department, which manages surplus equipment, stopped auctioning computers last year. It is working on a new set of practices for handling them.

Reports of the exposure of private data have become ordinary, each one leading to a round of warnings about identity theft. Computers are lost or stolen, people accidentally post information online, and people are tricked into revealing their secrets.

The Privacy Rights Clearing House, a nonprofit group, keeps a database of 2,380 such episodes over the past six years, including 453 releases by government.

“Public-outfit breaches are disheartening because they have so much data, and much of it is sensitive,” said Beth Givens, director of the group. “Data stewardship should be the top priority for them.”

State offices send used equipment to a warehouse in Hamilton, near Trenton, which is supposed to tell every state outfit that it is available. Anything unclaimed after 30 days is given to local governments or nonprofit groups, or is sold at auction.

But the comptroller’s personnel found that the warehouse staff often failed to follow the rules for notification, steering computers, cellphones and other equipment to favored people in and out of state government. The investigation stemmed from a 2007 inquiry into auction-rigging, theft and other violations at that warehouse, which led to the conviction of four employees.

Thirty-two of the hard drives Mr. Boxer’s team examined held information that should not be made public. Six of the drives had Social Security numbers, including those contained in personnel reviews found in an e-mail archive.

The computers came from the judiciary arm, the Department of Children and Families, the Department of Health and Senior Services, and the Personnel of Administrative Law. In some cases, no attempt had been made to erase files. In others, investigators were able to recover deleted files using commonly available software.

One laptop had apparently been used by a judge, and contained confidential memos the judge had written about possible misconduct by two lawyers, and the emotional problems of a third. The computer also had extensive personal financial information on the judge, including tax returns.

Another drive had been used by a high-ranking official under a previous governor — the report did not say which one — and included private contact information for other top officials.

A list of children supervised by the state included their birth dates and Medicaid numbers. Another gave their inoculation records. And there were files on more than 230 investigations into reports of scarce or abused children, including their names and addresses.

A translation of this condition appeared in print on March 10, 2011, on page A24 of the New York edition.

———————————————————————————————————
One of the most common questions that our sales team gets is “How reliable is my data in the cloud?” Of course, we have our pitch ready to go. It describes in detail how data is encrypted at the source (the client machine) with the user password and transferred through an SSL layer to a luxurious SAS 70 data center facility, and so on regarding physical data security.

SAS 70 Type II Certification

PCIC’s data center successfully completed the rigorous SAS 70 Type II certification, an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). The SAS 70 process assures our clients that we meet the highest standards.

What is SAS 70?

SAS 70 defines the standards an auditor must use in order to assess the contracted internal controls of a service organization. Service organizations, such as hosted data centers, insurance claims processors and credit processing companies, provide outsourcing services that affect the operation of the contracting enterprise. SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a simplification of a set of criteria for auditing standards.

SAS 70 Type II Compliant
When you partner with PCIC, you can rest easy knowing that every aspect of our data center has been designed with your needs in mind.

PCIC’s data center combines robust, scalable architecture with an unrestrained portfolio of hosting options. Our data center has been designed for security, reliability and uptime.


Consider it Done!

When you are dealing with data systems, you want to consider it done! You do not want to have to worry about the details. You need to concentrate on your business, which is why you need a professional company to design, install, support and maintain your systems.

Give us a call at 631.258.8237 and you can consider the task done! We will design, install, support and maintain the right and most cost-effective solution for your business.

But we found that sometimes, when we talk to a user who is a business owner, it’s hard for them to follow the technical terms and understand how their business data is really protected.

To get the message across better, we recently decided to try a visual demonstration of data protection and show what encrypted ID/data really looks like.

I pulled a file from our company’s local backup, and if you click here you can see what our accounting record (or whatever the data is) looked like after the encryption process.

encrypted_file_sample

Our customer files are stored in encrypted form and can be accessed only with an encryption key that only the customer has. Not even NSPNOC personnel can access your data.
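The scheme described above (data encrypted on the client machine with the user password, so that storage holds only ciphertext and the key stays with the customer) looks like this in Node.js. This is an added example, not the vendor's code; scrypt, AES-256-GCM, the `CSE1` container tag, the sample record and all function names are assumptions, since the page does not name its algorithms or file format.

```javascript
// Added example: client-side, password-based encryption before upload.
// scrypt and AES-256-GCM are assumptions; the page does not name its algorithms.
const crypto = require('crypto');

const MAGIC = Buffer.from('CSE1');            // hypothetical container tag
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit key from the user's password. The salt is stored with the
// ciphertext; the password and the derived key never leave the client.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Returns MAGIC || salt || iv || tag || ciphertext: the only bytes the provider sees.
function encryptForUpload(plaintext, password) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(MAGIC);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the password is wrong or the blob was altered in storage or transit.
function decryptAfterDownload(blob, password) {
  if (blob.length < MAGIC.length + SALT_LEN + IV_LEN + TAG_LEN ||
      !blob.subarray(0, MAGIC.length).equals(MAGIC)) {
    throw new Error('not a recognised encrypted container');
  }
  let off = MAGIC.length;
  const salt = blob.subarray(off, off += SALT_LEN);
  const iv = blob.subarray(off, off += IV_LEN);
  const tag = blob.subarray(off, off += TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(off)), decipher.final()]);
}

// Constructed sample record, not real data.
const SAMPLE = Buffer.from('invoice 1042;ACME Corp;acct 000-111-222;total 1890.00\n');
function demo() {
  const blob = encryptForUpload(SAMPLE, 'correct horse battery staple');
  const leaks = blob.includes(Buffer.from('ACME Corp'));   // plaintext visible in storage?
  const roundTrip = decryptAfterDownload(blob, 'correct horse battery staple').equals(SAMPLE);
  let wrongPasswordRejected = false;
  try { decryptAfterDownload(blob, 'guess'); } catch (e) { wrongPasswordRejected = true; }
  return { leaks, roundTrip, wrongPasswordRejected, preview: blob.subarray(0, 32).toString('hex') };
}
```

Whoever holds the stored blob, including anyone who later obtains the storage media, has only the salt, IV, tag and ciphertext; the strength of the protection then rests on the password.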
