resource center
  See your link here
|
Computerworld - Red-faced officials at the California Public Employees' Retirement System (CalPERS) are sending out letters of apology to about 445,000 state retirees after inadvertently printing their Social Security numbers on brochures announcing an upcoming election at the state pension fund.
The error happened last week and has already prompted several changes at CalPERS to reduce the chances of something similar happening again, said spokeswoman Pat Macht.
According to Macht, the privacy breach happened after an employee inadvertently sent a disk containing Social Security numbers to the printer responsible for printing the brochures. The disk was only supposed to contain the names and addresses of the individuals getting the brochures.
Although the printer had an alert system for detecting and preventing the inadvertent publication of Social Security numbers, Macht said, many of the numbers that wound up being printed on the address panels of the brochures began with a series of zeros. That may have confused the system into thinking the figures were member numbers or some other sort of identifier, she said. In some cases, full Social Security numbers were printed on the brochures; in others, only partial numbers were printed.
Following the breach, pension fund officials sent out letters to those affected, apologizing for the error and vowing to implement measures to prevent a similar mix-up in future. "We've taken a number of steps to make sure the same thing doesn't happen again," Macht said. Those steps include a new mandatory information security training program and a process that requires at least three officials -- including the security officer and application owner -- to sign off on all releases of personal information.
"We are also doing a review of how we collect our data and how we store it and how we use it," Macht said. The review includes looking at how to create a unique identifier for individuals that would eliminate the need for using Social Security numbers, she said.
Macht noted that this incident "we think certainly underscores the need to have bullet-proof processes" for protecting personal data.
Read more about security in Computerworld's Security Knowledge Center.
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
