
Texas PII Massacre

April 26, 2011

It’s getting scary out there! According to an eweek.com article released on April 12, the personally identifiable information (PII) of 3.5 million Texans was accidentally posted to a publicly available server. Not only was the information posted, but it was available on the server for more than a year!

When data was transferred from the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas to the comptroller’s office to verify unclaimed property records as required by law, it was sent unencrypted, and the data was not sorted into separate data fields. eWeek reported that the exposed data wasn’t discovered until other folders were being scanned on the same FTP (File Transfer Protocol) server, which is used for transferring files. That server contains other public information, such as state contracts.

The Texas attorney general and the FBI are investigating this incident. The office noted that once the comptroller received the data, internal procedures were not followed, which allowed the information posted on the public server to remain there instead of being purged as it should have been.

“Encrypting records before data transfer could have saved the Texas Comptroller’s office a lot of headaches and expense,” Robert J. Scott, managing partner of intellectual property and technology law firm Scott & Scott, told eWeek.

Following the discovery of the breach, a number of employees in the comptroller’s office were fired, though the agency has not disclosed their identities or the exact number of employees who were affected.
Susan Combs, the Texas state comptroller, released a statement saying, “We take information security very seriously, and this type of exposure will not happen again.”

How can companies mitigate the risk of this type of exposure occurring on their own networks? ARMA International has several suggestions to make on this score, some of which are included in its Generally Accepted Recordkeeping Principles® (www.arma.org/garp). In short, the suggestions encompass a variety of policy and technical solutions:

  • Establish firm policies and procedures to ensure information is properly protected against inappropriate exposure.
  • Train employees on the policies and procedures so everyone understands their responsibilities.
  • Use technology to ensure only personnel with the appropriate level of security / clearance can access sensitive information.
  • Utilize encryption and other security protocols to protect information at all times.
  • Conduct periodic audits and reviews to ensure established procedures are being followed.

Diane Carlisle


NewsWire not only alerts you to the most significant information-related topics in the news, it provides expert analyses that put them in context for you as an information professional. Read regularly, it will help you stay current with compliance, risk management, legal, privacy, and information technology issues and understand their implications for your business environment.


© 2009, ARMA International