HARTFORD - State Sen. Kevin Kelly, R-Stratford, Ranking Member of the General Assembly’s Insurance and Real Estate Committee, has called for Access Health CT’s call center vendor Maximus to supply a complete account of current security policies and protocols to the legislature’s Insurance Committee. His demands are in response to the security breach uncovered on Friday.
“What disturbs me most about this situation is the timeline. The employee responsible for this egregious error did not come forward until after the news reported on the situation,” Kelly said. “I’m sure he realized almost immediately that he lost his backpack. But did he even go back to look for it? What we do know is that he did not let his supervisors know he lost highly sensitive information that jeopardized hundreds of people’s personal data. Instead, he waited over 24 hours to come forward and only after the press reported finding the backpack. The timeline raises serious questions about not only Maximus’s preventative protections, but also their crisis response procedures.”
Kelly is asking for complete transparency from Maximus so that officials, including the state legislature, can fully understand how this information made it out of the building in the first place and take actions necessary to prevent such breaches from happening again.
“My concern is that people who don’t have insurance will use this as one more excuse not to get it. As a lawmaker, it is my responsibility, along with my colleagues, to secure the consumer protections the people of Connecticut deserve. We cannot guarantee that people will be protected, and we cannot brush this off as an isolated incident, until we have full disclosure of what went wrong. We need to understand why it took so long to realize sensitive information was removed from the Maximus office.”
Considering possible remedies to this situation, Kelly pointed to a previous legislative attempt to safeguard consumer information that was defeated earlier this year. Senate Bill 276 would have required Access Health CT to report quarterly on, “the status of the exchange's data privacy protections and the exchange's success rate in ensuring that personally identifiable information is not released.” The Insurance Committee took no action on the bill after the public hearing on March 4.
“We already have in place an active and transparent communication process to track and relay information on any real or potential PII [personally identifiable information] issues, which complies with all current state and federal requirements…the mandated requirements in this bill pose an enormous burden on our organization in both staff time and financial resources.”
Kelly disagrees because it is apparent that state requirements are insufficient to protect private consumer information.
In a press conference this week a Maximus spokesperson talked about ways their own staff will remedy the situation and described shifting to a paperless office in which dry erase boards would replace pen and paper.
“Are dry erase boards really the best solution a leading worldwide company can offer us?” Kelly said. “It is time to revisit legislative action and our past concerns. We need to enact safeguards so there is no single point of failure. Dry erase boards do not cure the problem. We have to think bigger than that.”
Kevin Kelly (www.senatorkevinkelly.com) represents the 21st District, which includes the towns of Monroe, Seymour, Shelton and Stratford. He can be reached at 800-842-1421, at Kevin.Kelly@cga.ct.gov. You can follow Kelly on Twitter @21KevinKelly and on Facebook at www.facebook.com/senatorkevinkelly.
This is a press release from Kelly's office.