I've spent a lot of time here discussing my reservations about age verification and data retention mandates. I object on many grounds, but privacy and data security concerns are typically at the top of my list.

Government officials or others supporting mandatory data collection / retention always assure us that our personal information will be secure and that it will not fall into the wrong hands. And then something like this happens in Utah and reminds us why we were right to be concerned:

In a jaw-dropping embarrassment, the state of Utah has mistakenly divulged e-mail addresses of kids on its so-called child-protection do-not-e-mail list -- a registry proponents claim is foolproof. The gaffe stems from four citations the state issued recently against companies it alleges sent e-mail to children's addresses on its do-not-e-mail registry promoting alcohol, gambling and pornography.

According to court papers, when Justin Weiss, director of legislative affairs for the E-mail Sender and Provider Coalition, requested copies of the citations from Utah, the state complied but failed to redact the e-mail addresses of the children in the complaints. "I have no personal knowledge of how many other unredacted copies may have been sent out to other individuals that made information requests like mine," said Weiss in an affidavit.

State officials are reportedly mortified over the incident. "A fair amount of trust has been placed with us and this is not a good thing," Utah's Department of Commerce Director Francis Giani reportedly told the Salt Lake Tribune. "I'm sick about it."

As you should be. But I also hope others heed the lesson here: Despite government assurances to the contrary, government-collected personal information is never perfectly secure. That's why we must always be vigilant about limiting how much personal information our government can get its hands on. Read Jim Harper's fine new book, Identity Crisis: How Identification is Overused and Misunderstood, to learn more about these dangers.