Issuing driver’s licenses — the gold standard for identification — has become a complicated business in this post- 9/11 world.
Despite reform efforts and quite a bit of scrutiny, Colorado’s driver’s license agency is falling short in its efforts to issue secure documents and safeguard the personal information entrusted to the state.
That’s according to a recent report from the state auditor that says issuers don’t always verify applicants’ submitted information, license holders’ personal data is inadequately protected, and the state has lax controls to prevent fraud by its employees.
Surely, the state Department of Revenue can and should do better. Roxy Huber, the department’s executive director, agrees with that assessment. Some of these situations never should have happened.
But Colorado taxpayers have to realize something, too. When you cut a budget the way the state slashed funding for the Department of Revenue in the early 2000s, such lapses are bound to happen as underpaid and poorly trained workers struggle with rising workloads. For instance, Huber told The Post that cyber-security is a $1.5 million problem and she doesn’t have the money to pay for it. That’s a troubling situation.
One of the more pressing concerns in securing data is the threat of identity theft. A 2008 report from the Federal Trade Commission says Colorado is ranked eighth-worst in the country for identity theft and ranks first in the nation for fraud complaints per capita.
The Department of Revenue already has taken steps to address problems pointed out in the auditor’s report, such as revoking the computer access of some 33 former state driver’s license employees who still could have logged into the state system long after leaving state employment. That’s an example of a lapse that never should have been allowed to occur.
Another problem is the department’s failure to check the Social Security number of applicants who want to renew their licenses. That step, according to auditors, would help catch thieves who are attempting to steal the identities of deceased persons. The department agreed it’s a good idea, but it will cost $30,000 a year to do so.
And the department also agreed to begin encrypting batches of driver’s license data that the state transmits electronically to thwart identity thieves who may be trolling for information. This also is a good idea and it’s hard to believe it hasn’t been standard operating procedure.
We surely hope this audit is a wakeup call to everyone — from state legislators who are deciding how to cut up the fiscal pie to driver’s license officials who determine everyday policy at the agency.
