An email I just fired off to the Governor of the State of Ohio:

The rather less than serious effort the state has made in protecting our personal information.

According to this source, the gentleman who did not follow proper security & privacy guide lines got docked only a weeks pay for his part in the loss of 100,000 + peoples personal information.

Bravo! Had this happened in the private sector, not only would the indivdual be behind bars, but the civil liability would be enormous. I'm so very happy you idiots take the privacy of the citizens of this state so damn seriously. If little "mistakes" like this happen in the real world, how can one seriously argue that a government entity do better?

Don't slam the guy who gets docked a week because of this. We don't know if he is just the token offered up as a pitifully small sacrifice. If the state didn't allocate enough resources you can't blame someone who just is not up to the task... That's like blaming one wimpy firefighter for not being able to put out a forest fire by them self.

I don't know if ONLY one person is to blame, but the state has one thing right - They did not allocate the right resources for the job.

"The loss of the tape, which contained social security numbers and other sensitive information, is expected to cost the state about $3m."

Wow, that's one expensive tape! Was it custom-made?

Assuming full disclosure is required for those people affected, here is a VERY generous estimate. Cost of tape: $100 (estimate). Cost of time to look up individuals' information, create a mail merge, create a generic "Oops! We lost your info, sorry." letter, and merge to create letters to send to the people: $500 (5 hours * $100/hr). Cost in labor to print those letters: $21,700 (10ppm [217 hours] * $100/hr). Cost of paper and ink to print those letters: $9,100 (7 cents * 130,000 letters). Cost in labor to stuff and seal envelopes: $36,112 (10 seconds per envelope * 130,000 letters * $100/hr). Cost to mail letters: $53,300 (41 cents * 130,000 letters). OK, so totaled up, that's $120,812.

Can someone point to where the other $2,879,188 comes from? Or are they using the usual government format of "Well, it cost us $x to redesign the system properly and implement it the way it should have been." in coming up with that estimate? It was a lost tape. It's not like someone hacked into the system (where I can possibly understand large costs of having to inspect the system in minute detail to make sure it's safe again).

So what personal information do you need to change now that it is for sale to the highest bidder

Common Chris don't be as slow as the guy that lost the tape!

One would assume that the bulk of the $3m would be spent on arranging credit protection facilities for those that have had their details compromised rather than just sending them a letter informing them of the incident.

Certainly I've seen other large organisations offer this service for 12-24 months after the disclosure to those affected, its the least they can do.

$1million for EDS to "design" a new tape library system.

$1million for implementing it

$879188 for kickbacks to whoever hands out the contracts

$500000 for cost overruns.

Public sector computing contracts: priceless.

How about the cost of signing up all 130,000 potential fraud victims to credit monitoring agencys?

Simple. As an Ohioan affected by this, I can easily tell you - the State of Ohio has offered "free" commercial credit fraud /identity theft protection to everyone affected. They are paying for a year's protection and it seems pretty comprehensive.