Officials look into possible breach of personnel files

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.chillicothegazette.com/article/20130410/NEWS01/304100016?nclick_check=1

CHILLICOTHE — Mayor Jack Everson said officials will investigate who
might have had access to a room with city personnel records after
allegations made Wednesday by a city employee that some files might
have been compromised.

Equal Employment Opportunity Director Tamra Lowe raised her concern to
the city’s Civil Service Commission on Wednesday morning, claiming
files have been improperly released to the public and the media with
multiple people being in possession of keys to the office housing the
files. She also claimed two department heads were seen together in
March going to the former municipal court building where records are
housed just days after an altercation involving police Chief Roger
Moore outside a bar with another individual was caught on cellphone
video.

Everson said Human Resources Director Tammy Bochard and the civil
service secretary are the only two individuals assigned to handle
requests from people seeking access to personnel files. The civil
service secretary was among several positions laid off during budget
cuts. Lowe said Everson asked her Jan. 10 to assume those duties as a
result.

Lowe said she wasn’t offered keys until earlier this week and stressed
she wouldn’t take any responsibility with regard to whether any files
had been compromised.

Everson said he would be checking with a municipal court security
guard to see who might have entered the office and confirmed that
Lowe, Safety Service Director Mike Green, himself and Civil Service
Commissioner Mike Warren all received keys earlier this week.

Meeting minutes obtained by the Gazette indicate issues with security
also were raised during the commission’s March 13 meeting.

Bochard reported an incident to Everson about a court-ordered
community service worker using the office, which was open.

In addition, Karen Hoffman, local president of the American Federation
of State, County and Municipal Employees union, also noted the files
contained Social Security numbers for applicants and employees.

The minutes indicate Hoffman thought “the security of this information
has already been compromised since there is no way of knowing who has
accessed the office and what information has been accessed or removed
from the files.”

“The files are to be maintained by the commission and only the
commission secretary should have direct access to the files,”
according to the minutes.

Civil service commissioners also will investigate the matter, said
Everson, who could not say whether there might have been a security
breach with personnel files.

“We got to find out the facts,” Everson said. “It’s speculative, and
we got to deal with the facts.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.