Even when there’s no malicious intent, employees removing documents from secure areas can result in a reportable breach and costs, as Fox54 reports:
An investigation is underway into a breach of personally identifiable information of more than 400 Army Materiel Command employees.
According to a news release from AMC, an AMC employee took official hard copy documents to the employee’s personal residence in the Huntsville area. The documents were retrieved and are currently secured. The compromise was immediately reported to the AMC Privacy Office, the Army Privacy Act Office and the Army Criminal Investigation Division.
The news release said there was no evidence of criminal or fraudulent activity.
AMC said all employees were notified of the breach. Employees whose information was compromised will be notified with details specific to their personal information, and will be provided a credit monitoring service.
The affected employees are assigned to locations within AMC headquarters and across AMC’s subordinate commands, with the majority at Redstone Arsenal.
So.. is this over-reporting, or does reporting this incident really seem necessary and appropriate to you?