Archive for March, 2010
I mailed the following letter to the Virginia Board of Bar Examiners on March 22, 2010, after receiving a letter with all of my sensitive information printed on a single sheet of paper.
Robert E. Glenn, President
Virginia Board of Bar Examiners
c/o Julie O’Kelly
2201 W. Broad Street, Suite 101
Richmond, VA 23220
I recently took the Virginia Bar Exam. I received a letter dated January 27, 2010 which contained instructions for the February exam. To my horror, I saw that the letter contained my full name, date of birth, social security number, school, MPRE score, results of my Character and Fitness Questionnaire, address, and email address on the form. This single piece of paper contains enough information for someone to impersonate me and commit identity theft. I count myself lucky that someone else didn’t check my mailbox the day this letter arrived.
This letter is to object to some of the Board’s more dangerous privacy practices as I currently understand them, and request additional information.
- How long will the Board keep my personal information on file, and for what purposes?
- Does the Board store my personal information on encrypted hard drives?
- On how many computers does the Board store copies of my personal information, and where do the hard drives go when the computers are retired or replaced?
- With what entities does the Board share my personal information, and under what conditions?
- What security measures, if any, does the Board use to detect intrusion or improper use by employees?
I understand that the Board needs to verify personal information with examinees. However, even minor common-sense steps would substantially increase security. These may include:
- Sending separate mailings, each of which lacks a full set of personal information.
- Omit digits of the social security number.
I hope that the Board takes these matters seriously, and updates its privacy policies and practices immediately. The Board of Bar Examiners has violated my trust, and I fear that the Board will continue to put me at risk of identity theft and other harms.
I look forward to answers on these most pressing issues. I also stand ready to assist in your effort to improve your privacy practices.
Note: A version of this article originally appeared on the Security Catalyst Blog
By Aaron Titus
I’m an awesome programmer. The only thing keeping me from Python, PHP, or Ruby coding awesomeness is knowledge… and skill… and training… and, um practice. OK, I may not be a Ruby all-star, but I could be if I wanted to. Likewise, you can do anything for yourself that an attorney can do for you, including writing legal documents. Lawyers just happen to have knowledge, skill, and training. And if I wanted an iPhone app, I’d talk to a programmer. If I wanted legal documents, I’d talk to a lawyer.
In fact, lawyers are programmers. Writing legal documents—like privacy policies—is just like writing code.