To the Editor:
More than one year after the discovery of the hiring
of a convicted identity thief to oversee confidential
state employee information at the Public Employees
Retirement Fund, we continue to learn about more
about the consequences of lax security in the past
at PERF. When someone gets their hands on personal
information, the consequences of identity theft
may take months, if not years, to discover and the
damage can be long lasting and catastrophic for
individuals and their families.
Meanwhile, this week many people find their e-mail
accounts and Internet service providers slowed,
if not crippled, by computer viruses called worms
that are literally clogging the Information Superhighway
with meaningless traffic – costing businesses
the world over time and money. These damages might
be short-lived, perhaps amounting individually to
little more than an inconvenience. But for the economy
as a whole such mischief can have a real and significant
price tag.
These are just a few of the reasons why in my second
term as Auditor of State, the security of State
employees’ personal information and confidential
data of those who do business with the state remains
a top priority.
The state auditor’s office handles all payroll
for nearly 40,000 state employees and the payment
of nearly every claim made against the State of
Indiana, making more than a half million payments
each month. To shield valuable information from
those who would use it for illicit purposes, personal
data necessary for payroll purposes, including the
first five digits of social security numbers, birth
dates, and banking information, is now masked on
certain printed versions of payroll-related documents.
Various state forms are also being reevaluated to
make sure sensitive data is only provided or printed
when necessary.
In the information age, government must be increasingly
aware of the risks inherent every time someone writes
down a social security number or other personal
information. Identity theft is a fact of life in
the 21st-century. In response to that, we must take
all steps possible to maintain the integrity of
our systems and keep access to public information
open, while simultaneously minimizing the risk of
confidential information falling into the wrong
hands.
This past legislative session, I took specific action
to protect state employees and financial data. House
Enrolled Act 1935 expanded the categories of jobs
for which the state may run a national criminal
history background check using the FBI’s fingerprint
database. At my request, language was added to the
bill enabling checks to be performed on applicants
for state jobs involving access to or supervision
over state financial or personnel data, including
state warrants, banking codes, and payroll information
pertaining to state employees.
Now, with the recent approval of the FBI’s
Access Integrity Unit, these background checks may
be performed on applicants for state jobs with access
to such data, giving the state the ability to submit
their fingerprints to the FBI’s Identification
Division, where a national criminal history search
will be conducted. This was a big step forward for
Indiana government.
By opening up the national fingerprint database
to us, this legislation provides protection beyond
what we have been able to do in the past. We may
now cast our nets much wider. The amendment I suggested
helps Indiana government prevent those who would
violate the trust of state employees from getting
the opportunity. I am grateful to the legislators
who incorporated that suggestion in this law.
Identity theft and other technological crimes are
a serious and growing problem. It is a struggle
in which those of us entrusted with delicate personal
and financial information must remain ever vigilant.
We must guard against those who would exploit innocent
Hoosiers for their own personal gain. I am glad
that Indiana government has another weapon at its
disposal in this fight.
Sincerely,
Connie Nass
Auditor of State
