Establishing Digital Trust: Don't Sacrifice Security for Convenience
|Photo source: Reuters|
This time, nine workers at the Illinois Secretary of State's office are being fingered as the culprits. The office did not release the names of those involved.
State officials said that the nine had looked up Obama's street address on the office's computer system -- despite the office having earlier sent out a memo warning all employees not to access the president-elect's information without authorization.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iAfter an investigation, the Illinois Secretary of State's office determined that the employees had been motivated merely by idle curiosity, Penelope Campbell, a spokesperson for the office, told InternetNews.com. The office yesterday suspended them without pay for a minimum of three days, Campbell said. The sentence is relatively light because officials determined there had been no malice involved, she added.
The illegal peeks at Obama's records occurred over several days, beginning Nov. 5, according to Campbell. After officials discovered that the records had been accessed, police from the Illinois Secretary of State's office and the U.S. Secret Service were called in.
It's the second recent attempt by an organization's employees to illicitly access their records on Obama. On Nov. 21, three Verizon Wireless employees viewed Obama's mobile phone records, leading to company president and CEO Lowell McAdam to apologize publicly to the president-elect. The employees were eventually dismissed.
The breach at the Illinois Secretary of State's office also isn't the first time that government employees have been found illegally snooping into records.
In October, Ohio government workers ran checks on the records of Samuel Joseph Wurzelbacher -- better known as "Joe the Plumber," a nickname bestowed by presidential candidate Sen. John McCain during a debate with Obama, during which McCain cited Wurzelbacher as an example of a middle-class worker.
They accessed the files through the state computer system at least four times, leading to investigations by Ohio inspector general Thomas P. Charles and the Ohio State highway patrol.
Such breaches can easily be prevented by implementing role based access governance, Brian Cleary, vice president of products and marketing at enterprise access governance vendor Aveksa, told InternetNews.com.
Analysts and security experts have long said that role management is critical to access control and compliance in organizations.
"You can't tell employees of an organization or government agency to internalize and memorize policies in a three-ring binder, you need automated access control," Cleary said. Such control would be implemented by policies based on users' roles.