* Anybody this careless with sensitive private data shouldn’t be handling that data…
A state employee at the Department of Innovation and Technology — the agency tasked with securing state data — inadvertently published the names, gender, birthdates, and social security numbers of some watercraft owners to the internet, an agency spokesperson confirmed on Monday.
The Department of Natural Resources collects registration information from people who own boats, jet skis, and other watercraft to provide licenses. State law requires new watercraft license applicants to submit their social security number so the state can ensure they are in compliance with any outstanding child support obligations. DoIT, the state’s IT department, manages and maintains their database.
The data was published to the Illinois Open Data Portal, which is open to the public, between April 4th and April 8th and again from April 29th through May 1st, 2019. It has since been removed, and the agency has changed its policies to prevent it from happening again.
“The State has reviewed its policies, procedures and requirements on how data is published to the Open Data Portal and taken corrective action,” DoIT spokeswoman Jennifer Schultz said in an email. “The State immediately stopped posting information to the Open Data Portal that requires a manual extraction to ensure that human error does not occur.”
* Following Critical Audit, New Illinois CIO Talks Improvement: “Our ultimate goal by the tail end of this is that we’ll lessen our dependency on the supplier community and we can be self-sustaining and we leverage the suppliers where we need them for scale, but our ultimate goal is this is our DNA and we should run and maintain it ourselves where applicable,” Guerrier said.