ZDNet news reports that "A CD containing personal information on Georgia residents has gone missing, according to the Georgia Department of Community The CD was lost by Affiliated Computer Services, a Dallas company handling claims for the health care programs, the statement said. The disc holds information on 2.9 million Georgia residents, said Lisa Marie Shekell, a Department of Community Health representative."
When I was Utah's CIO, identity theft on this kind of grand scale didn't make the news as much as it does now. If I were in that position today, I'd be very scared. It's not so much that you know about bad data handling practices in the various agencies, but the fact that you know nothing about them. What are the chances it's all going well with no oversight and no accountability? Zero.
In this case, ACS was a private contractor and is likely to get the blame, but that's not the root of the problem. The root of the problem is that the state agency trusted them with that data. What reviews were done? Any audits of security and data handling practices? To what standards? Was the data encrypted? Ugh.