Last March, it was estimated that nearly 280,000 Utahns had their Social Security Numbers stolen from the state’s data banks, with an additional 500,000 having less sensitive personal data taken as well. This massive security breach stunned nearly everyone who paid attention, if only because we soon came to find out that the states security systems were sub-par. Since then, the state has all but been forced to scramble as it provides credit monitoring services to any and all Utahn’s to ensure that they are properly protected.
In an attempt to prevent problems such as this in the future, Senator Stuart Reid (R – Ogden, District 18) has proposed SB 20, State Security Standards for Personal Information. If passed, would change how aware people are of the state’s current privacy practices and charges the that state’s Chief Information Officer to continually stay abreast of data security trends and then implement those standards into state systems.
The first section requires that any health care provider participating in the Medicaid or CHIP programs provide users with the health care provider’s privacy practices and that these providers have ,or may, give highly personal information (such as Social Security Numbers) to the states’ Medicaid and/or CHIP eligibility database. This provision is surprising, insomuch as it was not already law – it is no wonder that so many people were shocked to receive an official letter from the state saying that personal information may have been stolen. Remember, these databases include not only those on Medicaid and CHIP, but also the personal information of those who simply applied at one point in their life.
The second, and more sweeping, portion of the bill would require the Chief Information Officer to reach out to industry leaders regularly in order to have a better understanding of best practices for data management. With this information, the CIO is to attempt to implement the practices into state databases. If, for financial reasons, the CIO is unable to implement the best practices, they are to report to the House and Senate that monetary constraints are putting citizens information in danger – hopefully with the intention of getting the necessary funds during the next legislative session.
This bill is a reasonable and necessary response to digital security threats. Though through this bill the system may still be slow to respond to ever changing security threats, at the very least it speeds up the process – all in an attempt to prevent future attacks.
To contact Sen. Reid, Click Here or call 801-337-4182
Impact on Average Utahn:
High Impact 5 . 4 . 3 . 2 . 1 . 0 No Impact
Necessary 5 . 4 . 3 . 2 . 1 . 0 Unnecessary
Great Bill 5 . 4 . 3 . 2 . 1 . 0 . -1 . -2 . -3 . -4 . -5 Poor Bill