Tuesday, April 12, 2011
Comptroller's Office Displays Incompetence
The latest example of incompetence among government workers comes from the office of Comptroller Susan Combs (pictured above). This office has the responsibility for keeping up with all of the money coming into and going out of state government coffers. It stands to reason that this office would be in possession of some sensitive information, including information about companies and private citizens in the state, and would have procedures in place for safeguarding that information.
But reason doesn't always rule at a state agency, and some people in the comptroller's office have seriously let down on their job responsibilities. It has recently been learned that this office posted personal information (names, social security numbers, date-of births, addresses, driver's license numbers, etc.) of about 3.5 million Texans on a computer system open to public access.
It is bad enough that this information was posted at all, and the mistake should have been quickly noticed and corrected. But it wasn't -- the information remained available for anyone who wanted to see it FOR OVER A YEAR before officials at the agency noticed and corrected the mistake. The information had been sent to the comptroller's office from other state agencies and involved 281,000 people from the Employees Retirement System, 1.2 million people from the Teachers Retirement System, and more than 2 million people from the Texas Workforce System.
Comptroller Combs said, "I deeply regret the exposure of the personal information that occurred and am angry that it happened. I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location. We take information security very seriously, and this type of exposure will not happen again."
Frankly I find it hard to believe they take information security seriously (unless that seriousness is a new policy since the mistake was discovered). An agency that took security seriously would have not taken more than a year to discover the mistake. Doesn't security involve making periodic checks (many more times than yearly) to make sure secure procedures are being followed and mistakes haven't been made?
The agency said that those responsible for the mistake have been terminated, but they wouldn't say who or how many were terminated. The terminations should have involved more than just the people responsible for making the "mistake". Their supervisors should also have been terminated and anyone else responsible for overseeing that security procedures were followed.
And in the final analysis, Combs herself must assume responsibility. As the elected agency head she is responsible for anything the agency does -- both good and bad. But she'll get a pass on this because she was just elected to a new four-year term last November. Hopefully, the voters will remember this the next time this Republican runs for public office.