This is an archived article that was published on sltrib.com in 2012, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

By Eleanor Sundwall

News reports on the recent Utah State Department of Health data security breach will be fleeting, but for those whose personal information was stolen, it is a lasting worry.

In March, my 21-month-old daughter underwent surgery at Primary Children's Medical Center. Even though she is privately insured, the medical center apparently gave her identity and health information to the Utah Department of Health's Medicaid program.

On April 23, we received an unsigned letter from UDOH informing us that our daughter's "personal information may have been potentially exposed to others."

There is no justification for the use of language that obfuscates the alarming fact that our daughter's Social Security number was stolen and her identity will never again be secure.

The health department does not appear to have the same interest in protecting its constituents as it does its reputation. The agency should have sent a signed, clearly written letter to the victims of this unprecedented security breach. Its failure to do so sends a message that the state agency would like to distance itself from its responsibility to protect the identities of the people it serves — many of whom are children.

According to the health department, the state Department of Technology Services "has identified where the breakdown in security occurred and has implemented new processes to ensure this type of breach will not happen again."

However, it appears there have been no consequences to the organization or individuals responsible for the carelessness that has put so many of Utah's citizens at risk of identity theft. At the very least, the department's executive director and the DTS chief information officer should each make a strong public statement indicating their appreciation of the effect the data breach has had on its victims.

The anxiety and the substantial personal and financial costs associated with vigilantly keeping watch over one's identity over a lifetime should neither be ignored nor trivialized.

Gov. Gary Herbert has said the state "must do everything [it] can to restore trust," but I have not seen decisive action toward this end. Protecting additional citizens from future crimes by auditing and improving the system is essential, but that does not address the injury done to those whose identities have already been compromised.

The state must take strong steps toward protecting the people whose identities it has put at risk. The one year of free credit monitoring being offered these individuals is welcome, but ultimately unimpressive. However, extended coverage is likely not an option: Providing many years of credit monitoring would be untenably expensive.

Regardless, paying a private company to oversee only one facet of identity fraud would be a partial solution at best. One possibility might be creation of a state office dedicated to helping the victims of the data breach. It is my understanding that just 7 percent of the 280,000 individuals eligible have signed up for the free credit monitoring service, an indication that many victims are in need of additional and substantial support.

The establishment of an office with expertise in managing the loss of identity security would be a substantial long-term investment, but it could develop into a tremendous asset for all of Utah's residents and, perhaps, serve as a national model.

In this technological age, the importance of personal data security will only increase. While the state of Utah has unintentionally thrown itself into the center of this issue, it must intentionally throw its strength into showing it is able and willing to aggressively protect the security of its citizens.

Eleanor Sundwall is a science educator and mother of one. She lives in Salt Lake City.