"Anyone who goes to WhitePages.com or 411.com will find personal information published that many people may want protected," Rell said. "With a few clicks of the keyboard, anyone can find the age and gender of a person, where they live, where they work, birthdates and other identifying information. This is a safety and security issue -- particularly for our elderly citizens who too often are targeted by scam artists and other opportunists."
The governor will be calling for an electronic version of the telephone "Do Not Call List." She said her Administration is developing a legislative package intended to make certain Connecticut is at the forefront of privacy protection laws. The centerpiece of the package will likely be a proposed "opt-out" registry -- similar to the "Do Not Call" registry -- that would establish a centralized, one-time process for Connecticut residents to remove some or all of their private information from Internet search sites, credit card solicitations, direct mail lists and other records.
"This effort will in no way jeopardize my commitment to transparency in government," the governor said. "I believe there are reasonable protections we can explore without compromising the Freedom of Information Act and the principles of open government.
"The Internet has a remarkable ability to aggregate information from disparate sources -- huge volumes of public records, news stories, libraries and other references," governor Rell continued. "However, technology has changed dramatically since most open records laws were written. There have long been Web sites that, for a modest fee, specialize in taking bits and pieces from each of these sources and assembling a surprisingly complete profile of an individual -- including Social Security number, address history, employer and even the make and model of their car.
"Now some sites are adding even more personal information to search results -- ages and occupations, for example, for people whose names come up on a telephone number search," the governor said. "I am concerned this 'personal information creep' will put more and more individual privacy at risk. Many of these sites have an opt-out function that allows a user to limit or remove their personal information. However, these are not always easy to find and -- more importantly -- are specific to individual sites.
The governor noted that these sites are breaking no law by gathering and disseminating this information, yet many people may be unaware that their personal information is so widely available.
"I suspect many people would choose to shield at least some of that information if given a chance," said Governor Rell. "Accordingly, I am proposing that the state work with these information providers to streamline the opt-out process. I believe it is in the best interests not only of consumers but the information sites as well."
States across the country are examining their privacy laws, security measures and the kinds of information that their own government agencies collect, manage and distribute in light of the high-stakes risks of identity theft, fraud and other computer crimes. Recent new laws in other states, for example, sharply curtail the business use and release of Social Security numbers and require wireless networks to provide prominent warnings of security risks. Others specify that businesses may not retain information from the "magnetic stripe" on the back of credit and debit cards for longer than 48 hours after a transaction is approved.
"Privacy concerns are constantly evolving. We must not only keep up with them
but do our best to stay ahead of the curve," the governor said. "I will soon be announcing an effort among all state agencies to review the private information about residents that Connecticut collects, manages and distributes. While bearing in mind such traditional functions such as tax collection, media and Freedom of Information requests and law enforcement, I want to ensure that the security of private information within state government is protected."
In recent months Connecticut has taken a number of actions to enhance computer security and safeguard personal information. In October, Governor Rell announced that the Department of Information Technology had selected a new encryption tool for use by state agencies for laptop computers and other mobile computing and storage devices. The tool will be used for encryption of information on laptop computers and other devices that store data. It was selected by DOIT and an interagency working group of 24 information technology professionals from 12 agencies.
