Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Oops! Calif. state pension fund admits breach of retiree data

It also apologizes to the 445,000 people affected

August 22, 2007 12:00 PM ET

Computerworld - Red-faced officials at the California Public Employees' Retirement System (CalPERS) are sending out letters of apology to about 445,000 state retirees after inadvertently printing their Social Security numbers on brochures announcing an upcoming election at the state pension fund.

The error happened last week and has already prompted several changes at CalPERS to reduce the chances of something similar happening again, said spokeswoman Pat Macht.

According to Macht, the privacy breach happened after an employee inadvertently sent a disk containing Social Security numbers to the printer responsible for printing the brochures. The disk was only supposed to contain the names and addresses of the individuals getting the brochures.

Although the printer had an alert system for detecting and preventing the inadvertent publication of Social Security numbers, Macht said, many of the numbers that wound up being printed on the address panels of the brochures began with a series of zeros. That may have confused the system into thinking the figures were member numbers or some other sort of identifier, she said. In some cases, full Social Security numbers were printed on the brochures; in others, only partial numbers were printed.

Following the breach, pension fund officials sent out letters to those affected, apologizing for the error and vowing to implement measures to prevent a similar mix-up in future. "We've taken a number of steps to make sure the same thing doesn't happen again," Macht said. Those steps include a new mandatory information security training program and a process that requires at least three officials -- including the security officer and application owner -- to sign off on all releases of personal information.

"We are also doing a review of how we collect our data and how we store it and how we use it," Macht said. The review includes looking at how to create a unique identifier for individuals that would eliminate the need for using Social Security numbers, she said.

Macht noted that this incident "we think certainly underscores the need to have bullet-proof processes" for protecting personal data.



Jump to comments

California Public Employees' Retirement System

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...