Leeann Shelton reports another privacy breach due to a response to a Freedom of Information request:
More than 1,000 Social Security numbers belonging to Illinois Department of Corrections employees were inadvertently released in a response to a Freedom of Information Act request.
The affected employees work at the Lawrence and Dixon correctional centers, Acting IDOC Director Gladyse Taylor said in a letter informing the Illinois General Assembly about the breach.
But it wasn’t just SSN that were released improperly:
Employees’ names, ranks, salaries and job duties also were released in addition to the Social Security numbers, according to the statement.
IDOC’s statement does not explain whether the recipient(s) of the information have agreed to securely delete or shred the data. IDOC’s statement does not appear on their web site at this time.
Read more on Chicago Sun-Times.
Update: CapitolFax obtained a copy of the state’s statement yesterday:
On Friday, August 14th, we were made aware of a security breach within the Illinois Department of Corrections. More than 1,000 of our employee’s Social Security Numbers were included in a response to a civilian FOIA request, along with their names, ranks, salaries, and job duties. We sincerely apologize for the release of this personal information and we are working to remedy the situation. At this time, there is no indication that the information has been misused. We are in the process of notifying the impacted employees and will be available to assist them with any questions they may have.
Since the breach was discovered, we have undertaken an investigation of the incident. We are also reviewing our internal policies and procedures and will make necessary adjustments to prevent similar incidents in the future. The General Assembly has also been notified, as required under the Personal Information Protection Act, 815 ILCS 530.