Continued from page 1

Information that is being transmitted or is on a portable device like a hard drive or laptop is always encrypted.

“If it’s behind several fire walls and you’re working on it, it might not be encrypted,” she said, adding encryption makes the information more difficult for the information to be used by the agency. “It’s hard to boil it down to any simplistic answer.”

An agency survey of state revenue departments nationwide found that only four of the 16 departments who responded encrypt all data.

Stephens, director of policy and advocacy for the clearinghouse, a nonprofit consumer education and advocacy organization, said one way to protect information like that compromised in South Carolina is to minimize the amount of data that is being kept.

“If you are holding on to old data that is no longer essential to the operations of the department, you are unnecessarily putting people at risk. Why would you hold onto data of an individual who moved out of South Carolina a decade ago?” he asked.

State Revenue Director Jim Etter said the agency’s policy is to keep records for 15 years, in the event of criminal cases that require them. However, officials are considering shortening that to 10 years, he said.

Stephens noted taxpayers are required to hand over personal information to the tax agency.

“The unfortunate part of this is you have no choice and a resident with income is going to have to file a return,” he said. “There are things in life that are discretionary but this is not and one expects the government to be a good steward of the data entrusted to it.”

___

Seanna Adcox contributed to this report from Columbia, S.C.