Submitted by GunHead416 t3_10gzn2e in Washington
PNW_Explorer_16 t1_j57i82j wrote
Reply to comment by SoftwarePatient5050 in Pierce County did an "whoopsie" by GunHead416
Based on your username, I get the sense you understand PII and possibly GDPR rules. So you know at a corporate level how serious these things can get.
As with anything, there are loop holes, which I understand. However, a “whoops, trust our guy it was handled in two hours” is negligent.
What I’d like to see is a security audit within pierce county (digital and physical). how records are stored, kept, shared, etc. next, an audit on personnel security levels, and a chain of command for releasing records.
In the event of a breach, what’s the protocol, and how does the county plan to mitigate risk, while protecting its people. A “oh it’s totally cool” piece of mail isn’t on par with standards of where we should be.
Next, what entity requested our data? If it was a company, they should be listed, and we should have communication options to address directly with them. If this was a personal (non entity) request, that person should have a representative from pierce county tagged so we can understand the intent on which this person requested our data.
Lastly, comes the monetary side. While no one may be victim to identity theft which, may lead to erroneous monetary charges, there should be a plan in place to address this should it occur. Pierce had an obligation to help it’s citizens. Listing the three credit agencies doesn’t suffice.
Lastly, let’s say that someone, or a group, is targeted (harassment, violence, etc). This again falls into malicious intent, but dives into more murky waters.
I don’t have the answers. This is just what comes to mind. I’m not a “let’s sue and get everything we can” kinda person. I’m more of a “hey, let’s be a leading example for privacy of our citizens data, and also a leader in mitigating risk to its citizens” kinda guy.
Viewing a single comment thread. View all comments