Unencrypted data violation
March 30, 2011 9:51 AM Subscribe
Insurance data is unencrypted. Should this be reported? How?
posted by anonymous to law & government (10 answers total)
The insurance management company that handles our plans has a website for administration. This website is where the reports are located along with plan information. There is a section to upload files for forms or other information necessary in managing insurance/FSA/HSA plans. This information would include social security numbers, names, birth dates, addresses, etc.
This website is not encrypted as far as I can tell (HTTP:// address, no padlock to click on for an SSL certificate) - not even for the uploading of files.
Do I report them for this? How and to whom? Thanks in advance.
Let's say the states affected are Minnesota, Iowa, and Missouri. Let's also say that customer service doesn't seem to see the problem.