The South Carolina Budget and Control Board unanimously
approves a plan to get bids from ID theft protection companies
to provide additional protection for state taxpayers.
Consultants that have been
studying the state's computer security also made recommendations on what's
working, and what needs to be improved, to better protect your personal
information that's in state computers.
The state wants ID theft protection companies to provide
service for up to five years. If possible, the state wants to be able to
automatically transfer those people who've already signed up for the free year
of credit monitoring that the state is providing into the new service.
request for proposals will also ask if the companies can come up with a way that
the state Department of Revenue can automatically enroll the taxpayers whose
information was stolen, rather than requiring the taxpayers to sign up on their
Gov. Nikki Haley said after the meeting, "When the
hacking first happened, the goal we had was how do we protect people quickly? We
partnered with Experian to get us a year in. Now we're sitting back saying, now
what do we have to do to keep people protected at the highest
She wants the new service in place before the current
year of credit monitoring runs out.
Consultant group Deloitte and Touche told the board that
the state does have some systems and safeguards in place that are working well.
Those include the Division of State Information Technology monitoring state
agencies' computers around the clock for signs of hacking, and the Department of
Revenue requiring employees to use two-factor authentication to sign in to
Two-factor authentication requires employees to sign in with
their name and password, but also a six-digit code that changes every 60
However, the consultants said since the state's agencies
all operate independently, there's no consistency, making it hard to have strong
computer security. It's recommending a more centralized system under a new
statewide Information Security Division.
Those changes, along with improvements
to the state's computer hardware and software and additional training for
employees, would cost about $15 million the first year and about $7 million a
year after that.