by CIO Staff

County Rife with Identity Theft Reconsiders Online Records

Dec 22, 20054 mins
IT Strategy

In 1997, Arizona’s Maricopa County (which includes Phoenix) became the first government entity in the nation to post public records online. The decision to post a blizzard of records, including land purchases, election information, tax information, divorce cases and much more, garnered praise from the local press and won Maricopa a place in the Smithsonian’s prestigious National IT Innovation Collection. But it has come back to bite the county in a most unpleasant way: Maricopa now claims the highest rate of identity theft in the nation, and local IT officials say the two statistics are inextricably linked.

“People have gone online and been able to find information like names, addresses, social security numbers, financial data and [information about] divorce and civil suits,” said Richard Dymalski, principal IT consultant to Maricopa County in a recent interview. “And that’s a dangerous thing.”

Maricopa County, Dymalski says, is now rethinking its kitchen-sink approach to online records, and its departments have begun the time-consuming task of redacting sensitive information on its website and deciding what kind of information should go online in the future. Maricopa’s ordeal is sparking a growing debate among municipalities and states nationwide over what kind of public data should be posted online and in what form.

“This is not just a Maricopa and Arizona problem,” said Dymalski, alluding to the fact that Arizona ranks the highest in identity theft of any state in the nation. “This is a national problem.”

Before the Internet, if people wanted information on tax, land, election, divorce or civil suit records, they would have to mosey on down to their local county registry, fill out a form with their name and hand it to the clerk. Beginning in the late 1990s, county clerks realized they could streamline their workloads considerably if they put all those pesky public records online. But few municipalities considered the fact that there was sensitive personal information about individuals hidden in those records, including names, addresses, social security numbers, dates of birth, income and other demographic data, signatures, political affiliations (Democrat or Republican) and whether someone had recently obtained a divorce and under what less than savory circumstances.

Such information, which can be plucked from anywhere in the world just by going online to county sites like Maricopa’s, was ripe for abuse by identity thieves. Combine that with the fact that Phoenix has the second highest rate of methamphetamine abuse in the nation (with a large number of meth addicts who need cash quick) and a high number of illegal immigrants searching for fake identities, and you have a recipe for disaster. “Arizona offers a climate unusually conducive to identity theft,” wrote Andrew Thomas, the Maricopa County Attorney in an editorial in The Arizona Republic earlier this year.

According to Dymalski, Maricopa County is currently re-examining its drive to put all public records online and asking county department to redefine sensitive information so it is not posted willy-nilly on the Web. Until recently, for instance, if a Maricopa resident registered to vote, he would submit his social security number and date of birth and by law that information could be readily sold to any political party and posted on the Web. Now, Maricopa will only supply political parties with the registrant’s name and address and political affiliation.

Maricopa has also instituted a retention policy of keeping data online for only two years. Dymalski says that an automatic purging schedule ensures that most of the sensitive information posted during the county’s technology-ho years has already been removed from the Web. And county departments are currently doing an inventory of all public records to decide what information should not be automatically included in the electronic database. They’re also exploring ways in which IT can help ease the burden of categorizing all that information. “We’re trying to look at ways to standardize divorce paperwork, so we can easily redact social security numbers and other sensitive information before it is posted,” Dymalski said. “Having to go through page after page would take forever.”

In the meantime, Dymalski says, this is something that policy makers should be considering on a state and even national level. “Technology races ahead at the speed of light and the laws necessary to go from a paper world to an electronic world have not been put in place,” he said. “We have to come up with safeguards for this information.”

—Alison Bass