Three US State Department officials have been disciplined for improperly accessing the passport records of Democrat presidential candidate Barack Obama. It is good to hear that audit systems protecting the data of "high-profile Americans" worked in this case and two of the employees concerned were fired. But what about the 99% of US citizens who are not politicians or others of special interest? Doesn't their data deserve protection too?
There are also questions over why the State Department was collecting and storing more sensitive personal information (such as travel plans) than it needed to issue a passport. Minimisation of personal data collection is a key data protection principle. Nor should State Department workers have been technically able to access records they had no legitimate reason to see. Most security breaches come from "insiders" (employees with authorised access to systems and information) — systems must be designed to prevent illegitimate access.
UPDATE: It seems these officials also snooped on the passport files of Hillary Clinton and John McCain.