Assume for a moment that you operate a family run mortgage company or a small independent hometown bank. For convenience, you keep a digital copy of mortgage or other financing documents on your computer system. One day, a friendly person discovers that the digital documents have been easily accessible through the Web.

Any legal or compliance professional would advise you to secure the information immediately so it is no longer Web accessible. They would advise you to comply with the breach notification laws in each state in which your clients, whose records were at risk of being exposed, reside. Breach notification laws in general, require the official notification of all of the probable victims of the breach.

Because of the possible exposure of sensitive records on the Web, your business may have been in violation of one of more other state or federal laws depending on the circumstances. In certain industries, such as banking, Federal regulations impose fines as high as $1,000,000 and imprisonment of executives for lax privacy practices.

States have been enacting breach notification laws ever since California's landmark law in 2003. Today, 44 states, DC, PR, and the VI all have breach notification laws, including Wisconsin, which was enacted in March 2006.

Generally, these laws cover all sectors-private, public and volunteer, although entities in the later two sectors can mistakenly believe they are exempt. Despite the laws, many counties throughout the U.S. knowingly allow sensitive financial documents including Social Security Numbers to be accessible to anyone over the Internet. Several counties in Wisconsin including Dane, Milwaukee and Rock are included.

Web access to county records is not legally required. It is convenience and often a revenue generator--requiring a nominal credit card payment to access the records online. Several federal reports including ones authored by the Government Accounting Office and the President's Identity Theft Task Force warn that these online county records place Americans at undue risk of identity theft and other crimes.

Counties that do not remove Social Security Numbers from Web accessible digital public records appear to do so in violation of State Breach Notification Laws and public trust. A few states such as Illinois, Indiana, Iowa, Arizona and California have enacted state laws requiring counties to redact sensitive information on new and historical public records. Wisconsin has not.

One approach to put an end to the potential financial, physical and emotional harms inflicted by unnecessary exposure of Social Security Numbers is through increased taxpayer education and involvement on this subject.

Write your county and state legislators and tell them that you want your sensitive information removed from public records.

---

Add this page to your favorite Social Bookmarking websites