Ohio Data Leak Gets Pinned On The Intern

from the passing-the-buck-eye dept

You might remember the recent data leak in Ohio, where personal info on a million or so people was lost, after a storage device containing it was stolen from an intern's car. The intern, who apparently took the device home with him as part of a security protocol, has now been fired by the state, and says he's being made the scapegoat for the loss. Despite the governor's claims to the contrary, of course the intern's being scapegoated, even though he apparently was just doing what he was told. That's how things work with data leaks: the buck is passed, and responsibility shirked. In this instance, the state can say the responsible party has been fired, glossing over the fact that he was apparently just following directions he'd been given, and that the real problem here was a flawed security plan that was either devised by an idiot, or, more likely, by somebody who didn't take the security of other people's personal info very seriously. That's the problem here: nobody seems to care when it's other people's data. There are never any real ramifications from these leaks, as long as companies or governments are seen to have some security plan in place, even if it's not a good one. Until that changes -- and the scapegoating and responsibility shirking stops -- data leaks and breaches are going to keep on coming.

Filed Under: data breaches, identity theft, ohio, security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    tad_scsi, 29 Jul 2007 @ 9:40pm

    Gimme a break...

    This intern was supposedly a student at DeVry - which actually had something of a good reputation at one time. How do you get past the first weeks of any kind of computing degree without the utter sanctity of data burned into your head? Even if the data is not of such personal nature it is still sacred - would you want to run potentially corrupt data? Data that was corrupted by say - the environment inside a car? Or how about the magnetic fields that may have existed on or about the TV set that he told the Columbus Dispatch was a common repository point for him? My understanding is that the medium was magnetic tape.

    The intern was hopelessly inept.

    Kinda reminds me of the second year student that couldn't figure out why he couldn't get a 11,000 string array to run worth a crap (in 1999). Why aren't the fundamentals being taught and stressed?

    I wrote the governor - as I am in Ohio - and advised that he consider also canning the kid's immediate super, too. The intern had only been with the state for two months when he was charged with the back-up duties. You trust an intern with only two months track record with that stuff? I think not! It also was not - by his own admission - his first time leaving it in a car.

    Only a moron leaves such important data in such an environment to begin with

    For the record - one ALWAYS keeps a back-up of critical data off-site. If you keep it on site and say - there's a theft, or tornado - or highly destructive fire - then you have no back-up at all - or original data either. That's why you keep one off site, the classic back-up schedule and protocol cited is the one devised by Planned Parenthood a couple of decades ago. And that is almost certainly the model used. After all - it takes a mighty safe to also be BOMB proof. A safe alone is not proper security - if the safe is on location where the originating data is.

    I don't know if the Gov ever actually saw my letter - but I did advise him of a company in Columbus that would certainly provide the utmost in data security - and if you need one they are also a very flexible and excellent host - JTLnet. They could deposit their back-ups with JTLnet at almost any hour of the day since they staff 24/7 --- or even backup over the wire -- or both.

    Finally - the intern was 22 - does his mom still wipe the doo doo off his fanny? How on earth do you get to 22 and be that irresponsible in that sort of position?

    There is zip zero excuse for the way the intern handled the data he was charged with protecting.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.