Wednesday, September 8, 2010

How Big was the Spill?

The DSEA-Retired group had their annual picnic today at Pizzadilli Winery in Kent County. About 100 retired educators attended the event. In this population, much discussion continues around the incident in which thousands of retirees had personal information compromised by Delaware's State Benefits Office and their consultant, AON. For a period of four days the gender, dates of birth and social security numbers of 22,000 individuals were posted to an open website.

AON and the state were posting information as part of a Request For Proposal (RFP) for vision care. The Social Security numbers were not supposed to be in the posting.

The DSEA retirees are demanding that the compromised individuals be given a minimum of five years free credit monitoring, and that the State Benefits Office establish a policy that will prohibit this type of vendor mistake from happening again.

There are three critical questions that either the state or AON should be able to answer given available technology: How many "hits" were registered on the infamous website? Who looked at the data? Who downloaded the data? The answer to these questions will tell us the magnitude of the damage and the resources needed for the clean up. It is the equivalent of BP telling the public how much oil was spilled.

No comments:

Post a Comment