Apparently, the department still didn't learn its lesson. In January 2008, it mailed 5,000 tax forms with taxpayers' Social Security numbers clearly visible through the envelope windows. Department executives tried to weasel their way out of responsibility by blaming the breach on the machine that folded the forms, instead of taking a hard look at the humans who ran the folding machine, or the humans in charge of reviewing the work of the humans who ran the machine that folded the forms. (And you thought that disasters only came in threes?)
That same month, the Wisconsin Department of Health and Family Services had a FUBAR of its own, when a private contractor mailed 260,000 booklets to Medicaid recipients in the statewith their Social Security numbers printed right on the front.
One reason this happened is that unlike its neighbors, Wisconsin still uses Social Security numbers as Medicaid ID numbers. Wisconsin Rep. Marlin Schneider, known by the catchy nickname "Snarlin' Marlin," called that practice "stupid." I couldn't have said it better.
So, for those keeping score, here's how to tell that the identity theft problem in Wisconsin isn't getting any better. The previous breaches either involved third-party vendors for the state, or a relatively small number of Social Security numbers leaked by the state itself. But this latest debacle was a whopper: Over 100,000 Social Security numbers have been potentially exposed to any fellow, well-intentioned or not, with a laptop or a smart phone. And it was committed by the Walker administration itself, not by some third-party operator in Plano, Texas.
Even after hundreds of thousands of innocent "Cheeseheads" have been exposed to identity theft and all manner of financial crimes; even after the state has spent (or will spend) more than $1 million on credit monitoring for victims (which doesn't really help anyway, since all the thieves have to do is wait a year plus one day to begin their wild spending sprees using the purloined Socials); Scott Walker's appointee had the audacity to imply that he believes the people of Wisconsin are safe.
I have a few suggestions for Mr. Walker that might help to make things right. Firing Secretary Chandler would be a good place to start. (I think you can do that immediately Governor, as I don't believe he is a member of the Civil Service.) He very clearly doesn't appreciate the importance of data security, or even how it works, and though I'm sure he's a nice guy, this is a weakness the citizens of Wisconsin cannot afford in that position. It would send an unequivocal message to the rest of Wisconsin's department heads that taxpayers' private data is of paramount importance, and must remain private. These data breaches must end.
Second, like most states, Wisconsin clearly needs tighter rules and procedures regarding protections for citizens' personally identifiable information (PII).