Strickland issues executive order on data privacy, security
The State of Ohio has arranged the opportunity for you to enroll, at no cost to you, in the Debix Identity Protection service. Browse the website of Debix Identity Protection Network.
June 15, 2007 - Governor Ted Strickland today announced the theft of a computer back-up device containing the names and Social Security numbers of more than 60,000 state employees.
In response, the governor issued a new executive order, "Improving State Agency Data Privacy and Security."
Executive Order 2007 – 013S
Improving State Agency Data Privacy and Security
1. Data Privacy and Security are Critical. Ohio’s state agencies have the responsibility to carefully safeguard the sensitive personal information of state employees and other Ohio citizens that is in their possession. Proper management of social security numbers, financial institution account numbers and other similar sensitive personal information respects the privacy of those individuals associated with that data and helps protect against identity theft and other misuse of personal information.
2. Enhanced Data Privacy and Security Measures Are Needed. In order to properly protect personal data held by Ohio’s state agencies, I am ordering the following:
a. The Chief Privacy Officer at the Office of Information Technology will be responsible for coordinating the implementation of improved data security measures.
b. Within seven days, all agency directors shall designate a Data Privacy Point of Contact (DPPOC) and notify the Chief Privacy Officer of that designation.
c. All agency directors shall immediately review and begin updating existing information technology security policies and practices to make sure that they comply with the current statewide Office of Information Technology security policies. Within sixty days, the DPPOC at each agency shall provide a report to the Chief Privacy Officer detailing the state of compliance at their respective agencies and the steps and time necessary to achieve compliance.
d. In recognition of the significance of the Ohio Administrative Knowledge System (OAKS) to the information technology infrastructure of Ohio’s state government, the Chief Privacy Officer shall, within one week, assure the commencement of a comprehensive, independent third party security assessment of OAKS’ compliance with the current statewide Office of Information Technology security policies and internal agency policies and procedures. That assessment shall be completed within forty-five days and within thirty days thereafter, the Chief Privacy Officer shall provide a report to Ohio’s Chief Information Officer detailing OAKS’ state of compliance and the steps and time necessary to achieve compliance.
e. Within seventy-five days, the Chief Privacy Officer shall develop a privacy impact assessment protocol that will analyze how certain data is handled by state agencies. In particular, the assessment protocol will: (i) scrutinize the extent to which agencies handle information in a manner that conforms to state and federal legal, regulatory, and policy requirements regarding privacy and security, (ii) determine the risks and effects of information collection, maintenance and dissemination in their respective electronic information system, and (iii) examine and evaluate protections and alternatives for handling information in order to mitigate potential risks. Upon its distribution to them by the Chief Privacy Officer, the DPPOC at each agency shall be responsible for immediately beginning the utilization of the privacy impact assessment protocol.
f. Within seventy-five days, the Chief Privacy Officer shall develop a data encryption protocol that establishes the data that should be maintained in encrypted form (like social security numbers or financial account information), the circumstances in which such data should be encrypted (like data kept on a laptop or other portable device), and the encryption strength and standard to be utilized. Within seventy-five days thereafter, the DPPOC at each agency shall provide a report to the Chief Privacy Officer detailing the steps and time necessary to implement the data encryption protocol.
3. I signed this Executive Order on June 15, 2007 in Columbus, Ohio and it will expire on my last day as Governor of Ohio unless rescinded before then.
____________________________
Ted Strickland, Governor
ATTEST:
____________________________________
Jennifer Brunner, Secretary of State