Computerworld - Red-faced officials at the California Public Employees' Retirement System (CalPERS) are sending out letters of apology to about 445,000 state retirees after inadvertently printing their Social Security numbers on brochures announcing an upcoming election at the state pension fund.
The error happened last week and has already prompted several changes at CalPERS to reduce the chances of something similar happening again, said spokeswoman Pat Macht.
According to Macht, the privacy breach happened after an employee inadvertently sent a disk containing Social Security numbers to the printer responsible for printing the brochures. The disk was only supposed to contain the names and addresses of the individuals getting the brochures.
Although the printer had an alert system for detecting and preventing the inadvertent publication of Social Security numbers, Macht said, many of the numbers that wound up being printed on the address panels of the brochures began with a series of zeros. That may have confused the system into thinking the figures were member numbers or some other sort of identifier, she said. In some cases, full Social Security numbers were printed on the brochures; in others, only partial numbers were printed.
Following the breach, pension fund officials sent out letters to those affected, apologizing for the error and vowing to implement measures to prevent a similar mix-up in future. "We've taken a number of steps to make sure the same thing doesn't happen again," Macht said. Those steps include a new mandatory information security training program and a process that requires at least three officials -- including the security officer and application owner -- to sign off on all releases of personal information.
"We are also doing a review of how we collect our data and how we store it and how we use it," Macht said. The review includes looking at how to create a unique identifier for individuals that would eliminate the need for using Social Security numbers, she said.
Macht noted that this incident "we think certainly underscores the need to have bullet-proof processes" for protecting personal data.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
