Bill Laitner reports that a response to a freedom of information request provided more information than it should have:
The Bloomfield Hills School District accidentally revealed the names and Social Security numbers of 321 employees to two district parents who requested the number of staff whose salaries and benefits totaled $100,000 or more.
When parent Chris Fellin, 50, of West Bloomfield found the confidential data, partially hidden on a Microsoft Excel file, he said he informed Superintendent Rob Glass in person March 12.
But Fellin said Monday he was furious that the district named him and resident Pradeep Mehra in a March 15 letters to employees without properly explaining that they were innocent recipients of the district’s mistake.
[…]District officials said the letter to staff included the names of Fellin and Mehra to give a full explanation of what happened.
“If your Social Security number gets revealed, it’s reasonable to tell people who has it,” said Betsy Erikson, spokeswoman for the school district. “This is a situation that is very regrettable and we took quick action. We found out about it on a Saturday, took action on a Monday to protect our people and by Tuesday we drafted 321 letters.”
Fellin is a frequent critic of the district who routinely requests cost data. He sued the district in 2009, protesting the closure of Pine Lake Elementary School near his home. Fellin’s son, 17, is a student at Andover High School, and his daughter, 19, is an Andover graduate, he said. Mehra ran unsuccessfully for school board in 2008.
Read more in the Detroit Free Press.
Well, here’s an interesting question for those of us who routinely request or encourage more details in breach notices. Should the district have identified the recipients of the SSN by name or should they have simply written “two parents who had obtained the information due to our error in responding to Freedom of Information requests?” Are these parents more likely to experience retaliation as a result of the disclosure of their names? The name of the requestors under FOI is a matter of public record, but do you agree with how the district handled this disclosure?