Is there something in the air here, or have leaders in Western New York never heard of identity theft? The carelessness with which records containing personal information are being strewn about the landscape – literal and digital – is as astonishing as it is disturbing.
Last week, it was Dent Neurologic Institute acknowledging that it emailed out private information on more than 10,000 patients.
Thankfully, that mistake did not reveal sensitive medical files, Social Security numbers or other highly sensitive information. No such luck with the Erie County Department of Social Services.
An audit by County Comptroller Stefan I. Mychajliw revealed that department employees have carelessly disposed of old records, potentially threatening the privacy of hundreds of the department’s clients. Among the documents were copies of birth certificates, personal medical records, Social Security numbers, bank accounts, tax returns, inmate records, payroll information, court records and passports. Could the information be any more sensitive?
The problem is that some workers had been discarding these documents in the totes meant for recycling instead of securing them in the locked totes meant for documents that will be shredded.
County officials say they have fixed the problem and questioned Mychajliw’s motives for making the matter public, which only goes to show that it is possible to do the right thing and still miss the point. No doubt the comptroller has an affinity for publicity, but he is the public’s watchdog. It is his job to report to the public, which directly elects him. He would be criticized, and rightly, if he didn’t report the findings.
Furthermore, county officials pointing back at Mychajliw are running a diversion. The point isn’t the comptroller’s motives for publicizing his findings, it’s the findings. At this point, well into the 21st century, there can be no excuse for dealing carelessly with private information, especially by medical offices and government agencies that deal with the most sensitive information imaginable.
We should have this procedure down by now, but clearly there is still a learning curve. It would be wise for all medical officials and all arms of government agencies – from village halls to Albany and Washington – to review how they handle personal information, from collection to storage to disposal.
Indeed, Erie County Executive Mark C. Poloncarz should start from the premise that all areas of government are procedurally compromised in this regard, and proceed from there. It would be unlikely that only one county department has been lax with this kind of data. Similarly, Buffalo Mayor Byron W. Brown and other municipal leaders should assume they have problems and move to evaluate their systems and institute corrections where needed.
It will be a lucky thing if, between these lapses, no one suffers from disclosure of his or her sensitive personal information. If anyone does going forward, it should be considered a crime.