The state will adopt new rules and procedures to protect personal identifying information so as to eliminate any more state-sponsored privacy violations. Vendors can look forward to more consistent and standardized language in contracts clarifying how personal information is to be protected.

It has taken one too many security breaches for states to see the dangers in using Social Security numbers as IDs. We've seen 36 states introduce over a hundred pieces of Identity Theft Legislation in 2008 and half of the states passed legislation in 2007 to protect Social Security numbers from disclosure. Though Wisconsin was not amongst those states, Governor Jim Doyle has issued a directive to the Department of Administration (DOA) to eliminate the state government's use of Social Security numbers (except where required by law). This comes in response to a review of the state's procedures in protecting personal information after multiple state security breaches including the Department of Health and Family Service and the Department of Revenue. Following its mishap earlier this year and as part of its MMIS upgrade, the Department of Health and Family Service broke away from its 30-year practice of using Social Security numbers as part of its identity system.

The DOA will work with state agencies to replace Social Security numbers with random identifier numbers and designate a privacy officer within each agency. Doyle also called for annual risk assessments and further state employee education and training to make sure they understand their responsibility in protecting the data.

This week was also the deadline for the University of Wisconsin to deactivate its older identification cards that were attached to user's Social Security numbers in response to a disclosure last November.