More data breaches at Commerce Dept.
Commerce Secretary Gary Locke informed Commerce Department employees on Thursday that at least two more breaches involving the names and Social Security numbers of some employees have occurred in recent weeks, following two other incidents in the past six months.
"Please know we have no reason to believe that any of these incidents has resulted in any personal information being inappropriately used by anyone," Locke said. The few hundred employees potentially at risk were previously informed, Locke said in a department-wide e-mail sent Thursday afternoon. (See the full e-mail below.)
Deputy Secretary Dennis Hightower will lead a task force to review the department's procedures on handling employees' personal information and deliver a report with recommendations by March 1, Locke said.
He also instructed all department employees with access to personal information to attend training sessions in the coming days about interim protocols he put in place this week to protect personal information. The department will provide training to all employees about how to better protect their personal information.
Department officials were criticized last month for waiting to inform employees about a Dec. 4 breach until late January. A letter was not sent out until officials gained information about the breach through the investigative process, an official told The Post's Joe Davidson. Once the letter was written, it apparently got caught in a backlog of mail to be sent to employees, including W-2 income tax forms.
Leave your thoughts in the comments section below
In the past several weeks, a number of you have raised concerns about the security of your personally identifiable information held by the Commerce Department. We take those concerns seriously, and I want you to know what we’re doing to address them.
Personally Identifiable Information is information that can be used to distinguish or trace an individual's identity – such as name, social security number, fingerprint records, date and place of birth, mother’s maiden name, etc. And like any employer, the Department of Commerce has access to personal information of its employees.
The protection of this information – for every one of our more than 50,000 employees – is vitally important to all of us.
Many of you know about two incidents in the last six months where a significant number of employees’ personal information was not properly protected on our computer systems for a brief period. Anyone affected by these incidents has already been notified. In recent weeks, we also discovered additional incidents where some employees failed to follow the proper protocol for handling personal information. The errors discovered involved a few hundred employees, but they are no less troubling. Again, any employee affected by these incidents has been notified.
Please know we have no reason to believe that any of these incidents has resulted in any personal information being inappropriately used by anyone. But given how important Personally Identifiable Information is, we took extraordinary measures to protect you – including enlisting a company to monitor, for unusual activity, our employees’ personally-identifiable information.
Nonetheless, one of the reasons I’m writing today is because I believe more must be done. These failures are simply unacceptable.
I want you to know that I’ve taken both immediate and long-term steps to ensure that the department is properly handling and securing your personal information.
In the immediate term:
• Interim protocols are being instituted immediately to further protect your personal information.
• Every staff member across the Commerce Department with access to personally identifiable information will take part in additional training and instruction in the coming days about the interim protocols and to reinforce the requirement that all existing policies and procedures be followed precisely.
• Earlier this week, we convened an emergency session of the Executive Management Team to reinforce the importance of protecting personal information and to create high-level awareness of the seriousness and necessity of following established protocol for protecting sensitive information.
To improve our protection of your information in the long-term, today I asked Deputy Secretary Dennis Hightower to oversee a comprehensive review of all department policies, processes and systems pertaining to the confidentiality of employee Personally Identifiable Information. He will work with the Personal Information Protection Task Force at Commerce to deliver a plan for improvement by March 1.
We take our responsibility to protect your information – and any failures to do so – very seriously. I will report back to you as this process moves forward.
In the coming months, the department will also provide you with training on ways you can protect your own information and identity in all aspects of your life. As we become an increasingly “wireless” society, we are at greater risk of having our personal information compromised. We should all vigilantly protect our personal information in any setting – whether using a credit card at a store, banking on the Internet or reviewing personal documents in a public place.
We hope you will take advantage of this opportunity.
Thank you for voicing your concerns about this serious issue. I hope you will continue to provide feedback as we work to become a more effective organization and a leader in protecting privacy.
| February 4, 2010; 3:40 PM ET
Categories: Agencies and Departments, Workplace Issues
Save & Share: Previous: Unscheduled Leave for Federal Workers on Friday
Next: Eye Opener: Avocados and mangoes on the mind at USDA
Posted by: WorldNet | February 4, 2010 4:15 PM | Report abuse
Posted by: teamsimple | February 4, 2010 6:47 PM | Report abuse
Posted by: Wildthing1 | February 4, 2010 7:16 PM | Report abuse
Posted by: jameschirico | February 4, 2010 7:55 PM | Report abuse
The comments to this entry are closed.