Voice For Liberty

Tag: Government transparency

  • Open Records in Kansas

    Open Records in Kansas

    business-records-file-foldersKansas has a weak open records law. Wichita doesn’t want to follow the law, as weak as it is.

    As citizen watchdogs, I and others need access to information and data. The City of Wichita, however, has created several not-for-profit organizations that are largely funded by tax money. The three I am concerned with are the Wichita Downtown Development Corporation, Go Wichita Convention and Visitors Bureau, and Greater Wichita Economic Development Coalition.

    I have asked each organization for checkbook-level spending data. Each has refused to comply, using the reasoning that they are not “public agencies” as defined in the Kansas Open Records Act. But consider the WDDC: When I made a request for records, its percent of revenue derived from taxes was well over 90 percent every year but one. In many years the only income WDDC received was from taxes and a small amount of interest earned. Click here to see how much of WDDC’s revenue comes from taxes.

    The Wichita city attorney backs these organizations and their interpretation of the law. So do almost all city council members. After 14 months investigating this matter, the Sedgwick County District Attorney agreed with the city’s position. (Click here to read the determination.) The only course of action open to me is to raise thousands of dollars to fund a lawsuit.

    Citizen watchdogs and others need the ability to examine the spending of tax money. When government creates quasi-governmental bodies that are almost totally funded through taxes, and then refuses to disclose how that money is spent, we have to wonder why the city doesn’t want citizens to know how this money is spent.

    An example of why this is important is the case of Mike Howerter, a trustee of Labette Community College in Parsons. He noticed that a check number was missing from a register. Upon his inquiry, it was revealed that the missing check was used to reimburse the college president for a political campaign contribution. While the college president committed no violation by making this political contribution using college funds, this is an example of the type of information that citizens may want regarding the way public funds are spent.

    In Wichita, because of a loophole in the Kansas Open Records Act, a large amount of tax money is spent without this type of scrutiny. This year the Kansas Legislature is considering HB 2567, which will start to bring accountability for how all tax money is spent..

    The Attorney General’s page on the Kansas Open Records Act is here. The Kansas Legislator Briefing Book chapter for the Kansas Open Records Act is here.

    Wichita doesn’t value open records and open government

    On the KAKE Television public affairs program “This Week in Kansas” the failure of the Wichita City Council, especially council member Wichita City Council Member Pete Meitzner (district 2, east Wichita), to recognize the value of open records and open government is discussed.

    For more background, see Wichita, again, fails at open government.

    Wichita, again, fails at open government

    The Wichita City Council, when presented with an opportunity to increase the ability of citizens to observe the workings of the government they pay for, decided against the cause of open government, preferring to keep the spending of taxpayer money a secret. Continue reading here.

    Wichita could do better regarding open government, if it wants

    Tomorrow the Wichita City Council will consider renewing its contract with Go Wichita Convention and Visitors Bureau. The renewal will provide another opportunity for the council to decide whether it is truly in favor of open government and citizen access to records. Continue reading here.

    Wichita government’s attitude towards citizens’ right to know is an issue

    At a meeting of the Wichita City Council, Kansas Policy Institute president Dave Trabert explained the problems in obtaining compliance with the Kansas Open Records Act. Continue reading here.

    Open records again an issue in Kansas

    Responses to records requests made by Kansas Policy Institute are bringing attention to shortcomings in the Kansas Open Records Act. Continue reading here.

    In Wichita, disdain for open records and government transparency

    Despite receiving nearly all its funding from taxpayers, Go Wichita Convention and Visitors Bureau refuses to admit it is a “public agency” as defined in the Kansas Open Records Act. The city backs this agency and its interpretation of this law, which is in favor of government secrecy and in opposition to the letter and spirit of the Open Records Act. Continue reading here.

    Additional information on open records is at:

  • What type of watchdog are you?

    What type of watchdog are you?

    magnifying-glass
    To help citizens become government watchdogs, the Franklin Center for Government and Public Integrity is providing a new resource. It’s the Watchdog Quiz, and it will help you discover what type of role you will want to fill as a government watchdog.

    The quiz takes just a few moments to complete, and answering the questions will help you discover all the things that citizens can do to be involved in government, especially at the local level. My Watchdog type is “Content Creator.” What is yours?

    Click here to take the quiz.

    Following is some material from Watchful Citizens Follow Founders’ Vision For America.

    “The salvation of the state is watchfulness in the citizen.”

    This quote inscribed on the state capitol building in Lincoln, Nebraska, has become our North Star here at Watchdog Wire. We believe that citizens can contribute to better and more efficient local government by staying involved in their communities and speaking up when something doesn’t add up.

    But what does it mean to be “watchful?”

    The answer is different for everyone, and has changed throughout American history. For Thomas Paine and Ben Franklin, staying watchful came in the form of pamphlets and newspaper columns. Later, being watchful was entrusted to elected representatives in Congress. Now, technology has made it easier than ever for citizens to stay informed and hold government accountable.

    The medium used is ever-changing but the sentiment of keeping watch remains the same — to ensure the blessing of liberty to ourselves and our posterity.

    So where do you fit into the American story? How do you keep watch on government and its expanding role in our lives? Take the Watchdog Quiz to find out.

    Continue reading at Watchful Citizens Follow Founders’ Vision For America.

  • Voice for Liberty Radio: Kansas legislative reforms

    Voice for Liberty logo with microphone 150

    In this episode of WichitaLiberty Radio: Kansas Representative John Rubin has proposed two reforms to legislative procedure at the Kansas Capitol that, I believe, would improve the process. The first concerns granularity, that is, considering a group of bills (actually conference reports) with a single vote. The second simply asks that all non-trivial votes be recorded and made available to the public. Here’s Representative Rubin speaking in Topeka on January 16 at the Tenth Amendment Dinner.

    This is podcast episode number 5, released on January 23, 2014.

    [powerpress]

    Shownotes

    John Rubin
    The Rubin rule
    The Rubin rule at Political Chips. This page tracks members’ positions on the Rubin rule.
    Legislative procedure in Kansas

  • Transparency groups want to know where Wichita tax money is going to promote Wichita

    By Craig Andres, KSN News. View video below, or click here. For more on this issue, see Open government in Kansas.

    WICHITA, Kansas — Public or private? GoWichita, Wichita Downtown Development Corporation and the Greater Wichita Economic Development Coalition get more than three million dollars a year. Some of that is taxpayer money.

    “Why are their records not public?” asks Randy Brown with the Sunshine Coalition. “It’s ridiculous because we ought to know. These are largely tax supported entities. It’s our money that’s being used. There’s no reason in the world these things shouldn’t be open.”

    The Sunshine Coalition is not alone. Bob Weeks with the Voice For Liberty is asking the same questions.

    “I have asked several times for complete open records on these three entities,” says Weeks.” But the mayor and city council have not been interested.”

    Vice Mayor Pete Meitzner talked with KSN. We asked if the ledgers not being 100% public could be a problem.

    “Okay, it could smell like that. But it’s not because we get boards. They have review boards,” says Meitzner. “They have review boards that are members of this community that would not allow it.”

    Meitzner says the public doesn’t need to know about day-to-day spending.

    “The people that would be looking at that on a daily basis would be our peer city competitors,” explains Meitzner. “Oklahoma, Tulsa, Kansas City and Omaha, they would want to know everything that we are doing to get people downtown.”

    Still, watchdog groups say they want to know more.

    “The Mayor and the City Manager say all the time that we must be transparent, that we value giving records and information to the citizen,” says Bob Weeks with the Voice For Liberty. “But when it comes down to it they really don’t act in the same way that they say.”

  • WichitaLiberty.TV January 19, 2014

    In this episode of WichitaLiberty.TV: How much would you pay to visit the Wichita Art Museum? You might be surprised to learn how much each visit really costs. Then: A transparency agenda for Wichita city government and the Kansas Legislature. Finally, a look at public schools wasting money. Episode 28, broadcast January 19, 2014. View below, or click here to view at YouTube.

  • Two legislative reforms that would benefit Kansans

    Kansas LegislatureFollowing is a letter to legislators from Kansas Representative John Rubin regarding two reforms to legislative procedure that, I believe, would improve the process. The first concerns granularity, that is, considering a group of bills (actually conference reports) with a single vote. The second simply asks that all non-trivial votes be recorded and made available to the public.

    As many of you know, I have always been and remain an ardent advocate of full transparency and accountability to the voters who have elected us to serve in the Legislature and to all the citizens of Kansas. I believe our oath of office demands no less. In my view, effective and responsible governance demands that we always cast informed votes, and that we always disclose to our constituents and all Kansans how we vote on the public policies that so profoundly affect their lives.

    In my mind, our longstanding legislative practices of bundling multiple bills in a single conference committee report for one vote under the Joint Rules, and of not recording our votes on bills, resolutions and amendments in the Committee of the Whole on General Orders under the House Rules, directly contravene our obligation to the people of Kansas to be fully informed on the matters on which we vote, and to be transparent in and accountable for our votes, factors critical to effective governance. Accordingly, I have drafted two resolutions amending the Joint Rules and House Rules, respectively, to correct these undemocratic legislative practices. I plan to prefile them the week before our 2014 session starts. I am asking for your support, and hopefully your co-sponsorship, of both.

    The first initiative, Revisor draft 14rs2664, is a Concurrent Resolution amending the Joint Rules to provide that a conference committee report (CCR) may contain only the bill being conferenced and all or part of one other bill that has passed either Chamber during the current biennium. As you know, current practice allows for an unlimited number of additional bills or parts of bills that have been passed by either Chamber to be added to the bill being conferenced, and we members have one vote on the entire CCR package on the floor. It is not unusual for as many as four, six, eight or more bills to be added to a conferenced bill in a CCR. Unless a member serves on the committee from which the bills have emanated — and perhaps not even then — the member has little if any opportunity to fully inform himself or herself of the contents, consequences or effects of the additional bills, particularly if the added bills did not originate in and were not debated in our Chamber, and particularly under the pressing time constraints we experience late in session, when most of these CCRs are considered. Accordingly, the likelihood that most members are even marginally well informed on the votes we are asked to east on these multi-bundled CCRs is slim. Worse, even if we do inform ourselves on all aspects of all bundled bills in such CCRs, we may well be of two minds regarding how to cast our one vote on it. For example, a member may fully support four of the bundled bills in an eight-bundle CCR because they square with the member’s principles and are, in his or her view, good public policy for the member’s constituents and all Kansans, and he or she may oppose the other four because they are not. In short, current practice virtually ensures that members often cast uninformed or unprincipled votes on much of the public policy contained in multi-bundled CCRs. That is no way to govern. Concurrent Resolution 14rs2664 will correct these irresponsible and undemocratic legislative deficiencies.

    If you support and wish to co-sponsor this anti-bundling Concurrent Resolution, please email Revisor Gordon Self at Gordon.Self@rs.ks.gov by January 6, 2014 and inform him of your intent to do so, referencing the Concurrent Resolution draft, 14rs2664. Your name will be added to the Concurrent Resolution as a co-sponsor prior to prefiling it the week of January 6, 2014.

    The second initiative, Revisor draft 14rs2668, is a House Resolution amending the House Rules to require that all House floor votes, whether in the Committee of the Whole on General Orders or on Final Action, shall be recorded votes. The only exceptions are for procedural votes such as on motions to recess or adjourn, motions to rise and report, or resolutions pertaining to commendations or acknowledgments. As you know, current practice on General Orders is that all votes on bills, resolutions and amendments are voice votes, or, on a division call, unrecorded electronic votes, absent a show of 15 hands requiring a roll call vote. Make no mistake — those “unrecorded” electronic division votes are in fact being recorded outside our chamber and in the House Gallery, by handwritten notes, camera phones directed to the closed circuit television screen, and otherwise, by government officials, lobbyists, and other political insiders vested in the outcomes of these votes. I believe that the citizens who sent us to Topeka should have the same access to these vote results that political insiders do. Moreover, all Kansans are, in my view, entitled to know how we vote on every public policy question put to us — in bills, amendments and resolutions — not just on Final Action, but preliminarily on General Orders as well — and are entitled to know whether, and ask why, we changed our vote on a measure between the Committee of the Whole vote one day, and Final Action on the same measure the next. I believe that our oath of office and our responsibility to be transparent in our votes and accountable to the people of Kansas for them require no less.

    If you support and wish to co-sponsor this House Resolution requiring that all substantive House floor votes be recorded, please email Revisor Gordon Self at Gordon.Self@rs.ks.gov by January 6, 2014 and inform him of your intent to do so, referencing the Concurrent Resolution draft, 14rs2668. Your name will be added to the Resolution as a co-sponsor prior to prefiling it the week of January 6, 2014.

    Thank you for your serious consideration and possible support of these two important resolutions promoting accountability and transparency in our work in the Kansas Legislature on behalf of the citizens of Kansas.

  • A transparency agenda for Wichita

    Wichita City HallKansas has a weak open records law, and Wichita doesn’t want to follow the law, as weak as it is. But with a simple change of attitude towards open government and citizens’ right to know, Wichita could live up to the goals its leaders have set.

    The City of Wichita is proud to be an open and transparent governmental agency, its officials say. Wichita Mayor Carl Brewer often speaks in favor of government transparency. For example, in his State of the City address for 2011, he listed as an important goal for the city this: “And we must provide transparency in all that we do.” When the city received an award for transparency in 2013, a city news release quoted Wichita City Manager Robert Layton:

    “The City Council has stressed the importance of transparency for this organization,” City Manager Robert Layton said. “We’re honored to receive a Sunny Award and we will continue to empower and engage citizens by providing information necessary to keep them informed on the actions their government is taking on their behalf.”

    Wichita logic open records
    But when we look at some specific areas of government transparency, we find that the city’s efforts are deficient. Below are a few areas in which the city could improve. Much more is available here: Open government in Kansas

    The Kansas Open Records Act (KORA), in KSA 45-216 (a) states: “It is declared to be the public policy of the state that public records shall be open for inspection by any person unless otherwise provided by this act, and this act shall be liberally construed and applied to promote such policy.

    In reality, Kansas has a weak open records law. Wichita doesn’t want to follow the law, as weak as it is. But with a simple change of attitude towards open government and citizens’ right to know, Wichita could live up to the goals its leaders have set.

    Attitude

    Citizen watchdogs need access to records and data. The City of Wichita, however, has created several not-for-profit organizations that are controlled by the city and largely funded by tax money. The three I am concerned with are the Wichita Downtown Development Corporation, Go Wichita Convention and Visitors Bureau, and Greater Wichita Economic Development Coalition.

    I have asked each organization for checkbook-level spending data. Each has refused to comply, using the reasoning that they are not “public agencies” as defined in the Kansas Open Records Act. But consider the WDDC: In every year but one, its percent of revenue derived from taxes is well over 90 percent. In many years the only income WDDC received was from taxes and a small amount of interest earned. Click here to see how much of WDDC’s revenue comes from taxes.

    The Wichita city attorney backs these organizations and their interpretation of the law. So do almost all city council members. After 14 months investigating this matter, the Sedgwick County District Attorney agreed with the city’s position. (Click here to read the determination.) The only course of action open to me as a citizen watchdog is to raise thousands of dollars to fund a lawsuit.

    There is one other course of action, however. That is, these agencies and the city could fulfill the records requests that I have made. These agencies believe the law doesn’t require them to release the records, but the law does not prohibit or restrict releasing the records. They could fulfill requests if they wanted to, which goes back to the attitude of the city. For more, see Wichita, again, fails at open government.

    Citizen watchdogs and others need the ability to examine the spending of tax money. When government creates quasi-governmental bodies that are almost totally funded through taxes and then refuses to disclose how that money is spent, we have to wonder why the city doesn’t want citizens to know how this money is spent.

    An example of why this is important is the case of Mike Howerter, a trustee of Labette Community College in Parsons. He noticed that a check number was missing from a register. Upon his inquiry, it was revealed that the missing check was used to reimburse the college president for a political campaign contribution. While the college president committed no violation by making this political contribution using college funds, this is an example of the type of information that citizens may want regarding the way public funds are spent.

    Website

    The most important way governments can communicate with their subjects is through their websites. Wichita moved to a new website early in 2013. While the former website had its share of problems — such as a search feature that didn’t work very well — the new website has been a step backwards.

    For example, it appears that for citizen review boards like the Metropolitan Area Planning Commission and Historic Preservation Board, agendas and minutes prior to 2012 did not survive the conversion to the new website. Other documents that were previously available but appear to be missing after the conversion include the daily arrest reports. It appears that only a few years of past budgets are available, but the comprehensive annual financial reports are available for about ten years back. (If I missed any documents that are actually available, I apologize. But the fact that I couldn’t find them is its own problem.)

    The prior website had a service called “MyWichita.” This was a very useful service. After registration, citizens could see a list of documents and check the types of documents for which they’d like to receive notification when newly available, such as meeting agenda and minutes. This email reminder service was very valuable. It didn’t survive the conversion to the new website, and there’s nothing new to replace its function.

    The search feature on the new website is better than on the old. But there is a curious twist to the new search: It gives different results depending on the starting page. This could be a potentially useful feature if users were made aware of it. For example, if the user is currently viewing the Finance Department web page and starts a search, the system could give the user a choice of search just the Finance Department, or all of the website. Presently, it appears that the search would be confined to just the Finance Department, and users could easily conclude that documents they searched for don’t exist, when in fact they do.

    Most new websites in recent years will adapt so they are usable from mobile devices like smartphones. Not so with the new Wichita website.

    Spending data

    Many governmental agencies post their checkbooks on their websites. Sedgwick County does, and also the Wichita school district. Not so the City of Wichita.

    wichita-checkbook-register-example
    Even after asking for checkbook spending data, Wichita can supply data of only limited utility. What was supplied to me was data in pdf form, and as images, not text. It would be difficult and beyond the capability of most citizens to translate the data to useful format. Even if someone translated the reports to computer-readable format, I don’t think it would be very useful. This is a serious defect in the city’s transparency efforts.

    Legal notices

    Kansas law requires that local government agencies publish legal notices for a variety of topics. Presently these are published in the Wichita Eagle at great cost to taxpayers. These notices could also be published on the city’s website, where they could be searched and archived. This would increase the usability of these documents at very little cost to the city.

    Publish requests

    When governmental agencies like the City of Wichita fulfill records requests, they could also publish the records on their websites. Most of the time the records are supplied electronically, so this is an additional simple (and low cost) step that would leverage the value of the city’s effort.

    Leveraging our lobbyists

    What do lobbyists, including taxpayer-funded lobbyists, do in Topeka? One thing they do is testify before committees, in both verbal and written form. Another thing they do is to prepare reports for the clients, advising them on upcoming legislation, analyzing how it affects them, and what the prospects for the bill might be. They also meet with legislators and their clients, which are your elected officials.

    Here’s a proposal that will help citizens make best use of their taxpayer-funded lobbyists:

    I see nothing in the Kansas Open Records Act that allows local governmental units in Kansas to refuse to disclose these documents: testimony, reports by lobbyists to their government clients, and the lobbyists’ calendars (or billing records for contract lobbyists). Instead of making citizens ask for these records, possibly paying fees to obtain what they’re already paying for, why don’t local governments post these documents immediately on their websites?

    Citizens could then benefit from the activities of the lobbyists they’re paying for. They could learn more about legislation as it works its way through the process. Citizens could judge whether the positions taken by the government lobbyists they’re paying for are aligned with their policy preferences.

    If the actions taken by taxpayer-funded lobbyists are truly in the public interest, you’d think that cities, counties, and school boards would already be making this information easily available. In any case, there should be no resistance to starting this program.

  • WichitaLiberty.TV January 5, 2014

    In this episode of WichitaLiberty.TV: A look back at a few problematic issues regarding ethical government in Wichita in 2013. Topics include: Campaign contributions, the timing of city and school board elections, Mayor Carl Brewer’s integrity and threats, the need for campaign finance reform, the firing of a television news reporter, the apparently non-transparent way the city formulates policy, and the useless feedback systems the city relies on. Episode 26, broadcast January 5, 2014. View below, or click here to view at YouTube.

  • Exchange data security breaches don’t require notification

    The breach of consumer data at Target has brought the issue of data security in focus. Yesterday a senator called for more protection and accountability for consumers and retailers. The following story from Watchdog.org tells us that government does not want to hold itself to the standards it wants the private sector to observe. There has been legislation proposed. Rep. Diane Black [R-TN6] has introduced H.R. 3731: Federal Exchange Data Breach Notification Act of 2013, whose title is “To require an Exchange established under the Patient Protection and Affordable Care Act to notify individuals in the case that personal information of such individuals is known to have been acquired or accessed as a result of a breach of the security of any system maintained by the Exchange.”

    Feds not required to report security breaches of Obamacare exchange website

    By 

    HACKED OFF: Hackers or careless bureaucrats could cause private information to be spilled across the Internet. But the federal government, unlike most states, don't have to tell users when they have been compromised.

    HACKED OFF: Hackers or careless bureaucrats could cause private information to be spilled across the Internet. But the federal government, unlike most states, don’t have to tell users when they have been compromised.

    By Eric Boehm | Watchdog.org

    Americans who buy health insurance through the federal Obamacare exchange website could have their personal information stolen by hackers and never even know it.

    Most of the state-run health exchange websites will be covered by state laws that require notification when government databases are breached by hackers. But there is no law requiring notification when databases run by the federal government are breached, and even though the Department of Health and Human Services was asked to include a notification provision in the rules being drawn up for the new federal exchange, it declined to do so.

    Other protections for individuals’ privacy, like the Health Insurance Portability and Accountability Act, or HIPAA, do not apply to the government-run exchange, only to health providers and insurance companies operating within the exchange.

    Privacy advocates and cyber-security experts have had concerns about the lack of a federal notification law for years and hope the scrutiny of the Obamacare exchange will finally bringchange.

    “The notification requirement is a very important part of overall security,” saidDeven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology. “People should be told when their information is at-risk.”

    The lack of a notification requirement is particularly bad for the health insurance exchange website because of all the questions surrounding the site’s security. Poor security, coupled with the website’s high-profile problems, could make it a target for hackers either seeking to steal identities or embarrass the government.

    Unfortunately, security is often an afterthought for the government, said David Kennedy, CEO of TrustedSEC, an Ohio-based cyber-security firm. Kennedy has testified before Congress about security threats in the Obamacare exchange and the need for notification laws.

    “All we need is something that says if the federal government is breached, all we have to do is alert the public,” he told Watchdog.org. “Healthcare.gov is just one website of hundreds that have had these issues going back through the years.”

    Together it creates a possible nightmare scenario. Without strong security on the front end, the hastily built and not fully operational website could become a treasure trove for hackers looking to steal identities. But without any laws requiring that those victims be notified by the federal government users of the Federal health exchange will be in the dark about any potential security breaches of their private data.

    When the federal Obamacare exchange was being developed by HHS prior to its troubled launch on Oct. 1, experts told the department that it should include a data-breach provision in its policies for the website even though one was not required under federal law.

    The department flatly declined to do so.

    The final rules for the exchanges were approved on March 27, 2012, meeting of HHS officials, according to the Federal Register.

    At that meeting, two commenters asked HHS to ensure the exchanges would promptly notify affected enrollees in the event of a data breach or unauthorized access to the exchange’s databases. One suggested that a full investigation be launched each time such a breach occurred, with the goal of holding hackers legally and financially accountable for breaking into the website.

    The department’s response: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.”

    Since there is no federal notification requirement, breaches of any and all federal databases can occur without the public ever being informed.

    The only way to find out a hack has occurred is when the government decides to disclose it — as several federal law enforcement agencies did last month in response to attacks from Anonymous, a group of super-hackers who threatened to take down the FBI website and others.

    But hacks that happen behind the scenes —potentially stealing everything from Social Security numbers to Department of Homeland Security watch lists — never have to be reported.

    “That’s alarming because there could be a number of federal databases that are compromised already and we don’t know about it,” Kennedy said. “The exchange is part of a bigger problem.”

    Federal privacy protections contained in HIPAA also do not apply to the databases created by the federal exchange website, McGraw said, even though health insurers doing business through the exchange must be HIPAA compliant.

    In other words, the health plan itself is covered by HIPAA and any breaches of security that affect a consumer who has purchased a specific plan would have to be reported. But the process of choosing and purchasing a plan through the federal exchange — along with any information entered into the federal exchange as part of that process — is not subject to HIPAA protections.

    “The problem with the exchanges is that they are such new entities, and they are so unique that existing laws don’t really cover them,” McGraw said.

    But 48 states have laws on the books requiring that they give notification to individuals who may have had personal information stolen or leaked from a government database. Many states require that government agencies and departments alert the state attorney general so investigations can be launched.

    In states that opted to run their own health insurance exchanges, those laws generally cover security breaches of the exchanges, McGraw said, though it depends on the specific wording of each state law.

    Those state laws are how data breaches of several state-level health insurance exchange websites have come to light.

    In September, Watchdog.org reported on a data breech of the Minnesota health exchange — known as “MNsure” — that potentially affected as many as 2,400 people.

    In Florida, concerns about data breaches of the state-run exchange website prompted Gov. Rick Scott to send a letter to Congress saying Floridians would not exchange privacy for insurance.

    On the federal exchange, such breaches are possible, maybe even likely, since the site was launched without comprehensive testing of the security controls for the system.

    A Sept. 27 memo to Medicare chief Marylin Tavernner said insufficient testing of the website before the Oct. 1 launch “exposed a level of uncertainty that can be deemed a high risk,” the Associated Press reported in October.

    Even though the federal government does not have to report any breaches of security, at least a few already have occurred.

    The most high-profile case so far is that of Thomas Dougall, a South Carolina lawyer who had his personal information accidentally leaked to another person after using the Obamacare exchange last month.

    We logged on and compared some prices,” Dougall later told Fox News’ Greta Van Susteren. “We came home last Friday night to have a young man from a completely different state calling to tell me that when he logged on … he got all my personal information in exchange.

    Dougall only found out about that breach of security because the recipient was kind enough to give him a call.  Without a requirement that the exchanges report such problems — whether the result of nefarious hackers or glitches in the programming — it is impossible to tell how many other Americans have had their private information released by the federal exchange.

    Kennedy said he would not recommend that anyone use the federal exchange until it is more secure and until breaches of security are reported.

    “I would say think twice about it, at least until we get more details,” he said.

    Kennedy says he supports universal health care and his criticisms of the website are not rooted in political motivations. But the former U.S. Marine whose firm provides computer security to several Fortune 100 companies says there have been “zero changes” to the security of the health insurance exchange website in the run-up to the much-touted Dec. 1 re-launch.

    Congress has debated a federal notification law in each of the past three years, but one has never been passed.

    In July, during a hearing of the House Committee on Energy and Commerce, lawmakers heard testimony from a variety of experts who explained the need for a federal breach notification requirement.

    David Thaw, a law professor at the University of Connecticut who specializes in cyber-security and the legal framework around it, said data breach notification laws, combined with comprehensive data security, are an essential part of protecting consumers and businesses.

    I analogize the effects of breach notification alone to locking the bank or vault door while leaving a back window wide open,” he said.

    With the federal health insurance exchange, there are questions about whether the vault door has been adequately locked.

    But there is no doubt that the back window is still wide open.

    Boehm is a reporter for Watchdog.org and can be reached at EBoehm@Watchdog.org. Follow him on Twitter @EricBoehm87