A Berkeley municipal staff member mistakenly disclosed the social security numbers of everyone who works for the city while responding to a public records request, and the city recently sent a letter to staff informing them of the error.
One staffer, who asked not to be identified, called the mistake “appalling,” and another criticized the city for taking weeks to inform employees about the breach.
“The bottom line is the city amateurishly screwed up and it only represents to me the type of incompetence that constantly costs the city,” said another employee, who asked to remain anonymous. “The City should provide better training for whoever handles PRA (Public Record Act) requests so we no longer have inappropriate and illegal withholding or, in this case, sloppy and gratuitous disclosure.”
City Manager Christine Daniel said Friday that the city had taken the matter very seriously: “We value our employees’ confidentiality and we’re very sorry that it happened. All I can say is that it was a mistake.”
The city sent a letter, dated April 15, to all staff members reporting the inclusion of employee social security numbers in a data set about public employee salaries. (The Bay Area News Group (BANG) publishes a database of municipal salaries annually.) The city is required by law to release public employee salaries, and provided BANG the information electronically.
According to the letter: “Although City staff removed one column that clearly was identified as employee social security numbers, social security numbers were also in a second column and not as readily identifiable. Staff failed to remove this second column and, as a result, inadvertently disclosed your social security numbers to BANG.”
Daniel said the city sent the original information to BANG on March 11, and realized the error at the beginning of April. On April 4, the city sent a letter to BANG about what had happened, and requested that BANG destroy all records of the social security numbers. On April 8, the city “received confirmation from BANG that it did not disclose any employee social security numbers and that it has permanently destroyed the information.” The city then sent the April 15 letter to employees to alert them of the situation. One employee said the letter arrived April 17, two weeks after the city realized what had occurred.
The letter informed employees about how to obtain free credit reports and provided a city phone number for them to call should they have additional questions.
“We tried to write it so that it was really clear, so that anybody who read it could get all the facts,” Daniel said. “It states everything as far as we can tell.”
Daniel said the city did not plan to offer any special credit monitoring services, but that all employees are already entitled to free credit monitoring through their Employee Assistance Program benefit.
Daniel acknowledged that it “took us a while to do the mailings” because folding and stuffing thousands of envelopes was a somewhat labor-intensive endeavor. (She said that roughly a couple thousand letters had been mailed.)
One employee said five people in his department had become victims of identity theft since the release of information, but that they did not know whether it was directly linked to the BANG disclosure. Daniel said she had not been informed about any identity theft cases related to the mistake.
She also said Friday that the city has changed how it will handle the BANG request next year.
“We’ve undertaken a whole new programming approach to make sure, when they make the same request, that this won’t happen again,” she said. “We’ve completely revised how we release it.”
Would you like a digest of the day’s Berkeley news sent to your inbox? Click here to subscribe to Berkeleyside’s free Daily Briefing.