Lauren Stanforth reports:
The town did not protect sensitive personal information when it used employee Social Security numbers on unsecured time sheets and unnecessarily kept credit card information of those who paid traffic fines, according to a state comptroller’s audit released Tuesday.
The audit, which reviewed practices from January 2008 to March 2009, found that town Social Security numbers were on the employees’ time sheets, and the sheets were often sent over the town’s e-mail system and paper copies were kept on desktops and in unlocked drawers. Town officials immediately abolished this practice when the state brought it to their attention, the audit stated, and now only use the last four digits of a Social Security number.
Also, credit card account information that was mailed into the town to pay for traffic infractions was retained in town records. And while the account numbers were blacked out, the numbers could easily be read by holding the paper up to light.
Read more in the Times Union.