Friday, July 20, 2007

State Inspector General reports on DataGate - UPDATE 2: GOP Responds

Originally posted at 3:49PM
Updated at 4:26 PM
Update 2 at 8:45 PM


Jon Craig at Politics Extra:
Ohio Inspector General Thomas P. Charles today issued his investigative report on the stolen state backup tape that contained the names and Social Security numbers of more than 800,000 Ohioans.

In his 35-page report, Charles says the 22-year-old intern who brought the tape home was told by a supervisor not to tell Hilliard Police that it contained confidential data. The project manager disputes that claim, the report says, although a Compuware consultant confirmed the intern's account.

Charles recommends disciplinary action against several employees whose policies and actions allowed the theft from the intern's car, and subsequent delays in notifying the governor and public about data on the tape.

The full report can be found here.
Will Governor Strickland follow the recommendations? Only time will tell...

UPDATE - Here is what is being reported as the governor's response to the report:
I appreciate the inspector general's thorough review of the circumstances surrounding the theft of the state data device. The state is taking every precaution to ensure that this type of incident is prevented from occurring again," Strickland said. "We are attempting to hold accountable those determined to bear some responsibility for placing the sensitive, personal information of so many Ohioans at risk."

The inspector general made seven specific recommendations to each of which the governor's office responded with a plan of action.

The first recommendation instructed the state to hold those responsible accountable for their actions.

According to authorities, Ohio Administrative Knowledge System (OAKS) project manager David White resigned. In addition, when intern Jared Ilovar refused the Office of Budget and Management's (OBM) request for resignation, he was discharged.

OBM also reportedly terminated the OAKS consulting contract for two Compuware employees, Avadhut Kulkarni and Brian Welch.

Furthermore, the Department of Administrative Services has begun the process of disciplinary review for two additional OAKS employees.

In response to another recommendation, the governor called for the cessation of the practice of sending sensitive data storage devices home with employees.

The governor also issued an executive order requiring all state agencies to utilize a secure method of storage for sensitive computerized data.

In addition, the state will be designating a chief security officer for OAKS by August 31.

The inspector general's final recommendation instructed the government to investigate a shared liability with contractors who may have been partially responsible for the vulnerability and theft of the data tape.

According to Strickland, the state has held initial discussions with key contractors, including Compuware and Accenture, regarding possible shared responsibilities and costs associated with the theft of the tape.
UPDATE 2: Statement from Deputy Chairman Kevin DeWine:
“This is an unbelievable case of cover-up, mismanagement and interns managing interns. If it wasn’t a sad reality, it would be laughable. The Strickland administration apparently ignored the warnings of a state auditor and its own transition team while putting sensitive personal data for millions of Ohioans into the hands of interns. They attempted to cover-up critical details of the theft and then took more than a month to figure out what they had lost. Ohioans are now being strapped with a $2 million bill to fix a problem that could have been prevented with a little common sense.

“Just a few weeks ago the Inspector General was questioning the management ability of the lieutenant governor, and now he’s raising serious concerns about the oversight of Ohio’s security procedures. Ohioans deserve better from an administration that promised more.”