More details have emerged about a breach noted previously on this site. WFTV reports that the records were stolen from an Orange County Health Department employee’s car, but whether the employee had followed policy is somewhat unclear. Jeff Deal of the news station reports that county officials told him that the employee was allowed to have the documents as part of his job duties, but the reporter notes that it’s not clear that the employee was allowed to remove them from the office.
Even if the employee was allowed to take the records out of the office, and the use of a “lock box” suggests that the employee was aware of security risks, how do you explain leaving the lock box in the back of your SUV parked at your apartment complex?