Auditors from the New Jersey Comptroller's office reported this week that 46 out of 58 hard drives on computers the state was preparing to auction last year still contained protected information. According to The New York Times, the data included:
Files on abused children. Employee evaluations. Tax returns. A list of computer passwords. Names, addresses, birth dates and other information on hundreds of foster children and abused children. And, of course, Social Security numbers.
Comptroller Matthew Boxer stopped that particular sale, but as writer Richard Perez-Pea noted, there's no telling how many were sold or given away previously with similar data still on them. The comptroller's report made clear that there was no indication that an outside agency had checked out PCs sold at auction or given away in the past. Boxer said, "The risk here is enormous."
The computers in question came from the state's judiciary branch, the Department for Children and Families, and the Department of Health and Human Services, among others. Sadly, Boxer said, at least one of the agencies had the capability to erase the hard drives magnetically but did not do so because the machine was too noisy. "I find that offensive," he said.
He's not the only one who feels that way. Privacy Rights Clearinghouse director Beth Givens told The New York Times:
Public-agency breaches are disheartening because they have so much data, and much of it is sensitive. Data stewardship should be the top priority for them.