The following notice was posted on Brownsville (Texas) Independent School District web site:
On Monday, November 7, 2011, Brownsville ISD was advised that the Social Security numbers of employees who are enrolled for disability insurance were inadvertently posted by prior department administration in April 2011 on the Employee Benefits/Risk Management (EB/RM) website; a site accessible to the public. Once notified, the information was immediately removed. The information posted contained the employee name, estimated monthly salary, selected disability plan, disability premium, and employee ID number. Although this does not violate HIPPA regulations, the district understands the importance of safeguarding personal information and sincerely apologizes for this oversight. BISD is working closely with its EB/RM staff to ensure that sensitive data is more securely maintained. District employees who are impacted will be contacted individually by the Employee Benefits/Risk Management Department. The district encourages all impacted employees to be proactive by closely monitoring their credit reports. BISD employees may also call (956) 548-8061 for more information. Any additional information and/or updates related to this issue will be posted on the BISD homepage.
(Via DataLossDB.org)
Are we supposed to gather that the employee numbers were the same as employee Social Security numbers? I thought that practice ended years ago. Perhaps the Social Security information was linked to disability information.
I don’t know and would prefer to have BISD issue a fuller statement.
Or perhaps an employee of BISD who received the letter or knows the system could clarify?
Both employee ID #s and Social Security #s were released in the same file along with full employees names, financial and some health realted info
Ouch.