Saturday, June 16, 2007

Privacy risked at the Party Headquarters...

If you saw Thursday night's (June 14) KING 5 news report you probably saw that the Pierce County Republican Party had put "100s if not 1000s of donors and party members' privacy at risk for identity theft". If you did not see the report, or just want the straight information, here is what happened and what we have done about it. (Check out <www.king5.com/> for a link to their report.)

On Wednesday afternoon (June 13), Lucy, our office manager, put out the recycle bin for the first time since December. (It has taken that long to fill up.) Accidentally, three folders which were not intended to be recycled were put into the recycle bin and taken to the curb for the normal Thursday morning pickup. During that Wednesday afternoon or early evening, a passerby noticed the recycle bin and noticed that some of the papers included privacy information that should have been protected. That passerby took the files and contacted KING 5 news to describe what he had. KING 5 news' Eric Wilkinson came down on Thursday, interviewed the passerby and called me to get my reaction. I had not heard of the incident and said so. I also said that the most important thing was to protect the records he now had in his possession so that we could quickly notify anyone whose privacy information was at risk to be extra vigilant in protecting their identity.

I drove to KING Broadcasting in Seattle last night, retrieved the documents intact and locked them up in the office.

How the records got into the recycle bin we are not sure. But today (June 15) Lucy and I personally reviewed each and every scrap of paper and discovered that the vast majority were meeting minutes, agenda and the like. Many were non-privacy Public Disclosure Commission (PDC) records of names, addresses, e-mail addresses, and phone numbers of PCOs or donors - though these are the same records that are on-line and available for all to see at the PDC or at the Auditor's websites. Eleven records, however, were copies of personal services contracts from some of the folks who operated one of our phone banks in 2006 for a fee. Those contracts included their Social Security Account Number (SSAN). We wrote a certified letter today to each of the 11 whose SSAN was left in the recycle bin to warn them of the breach and to be extra cautious. We are confident that the numbers were not compromised, however, since we got all the records back.

That does not excuse the lapse. What could have happened would not have been acceptable. So in addition to having Lucy or me "dumpster dive" all of the trash or recycle containers before we put them out for pick-up to make sure that no personal or privacy data is included, we will shred every piece of paper we print or any other that has names, addresses, etc., even though the exact same information may be available on line. We also determined that the shredder we did have was more of a "home" variety and could not either handle the volume or do an adequate job of denying the data to anyone with a child's glue gun and Scotch Tape. We purchased an industrial variety shredder that also cross-cuts so that it is just too difficult to put the data back together. In fact, all of the data we recovered from this incident is either returned to the 11 individuals whose SSAN was available on the paper, or is totally (cross cut) shredded.

Additionally, we looked around and discovered a ton of old (some back to the early 90's) records stored throughout the headquarters. To review and perhaps destroy those records, I will call a work party together in the next several weeks and review all of the old stuff and shred all that is not of historical value (or required to be maintained for the IRS for five years). We do not want what is junk to us to be treasure to an identity thief.

I grant that our party is doing the public's business and must be very open and above board. I also grant that we are a group of volunteers, but nonetheless we must be vigilant in protecting party members and donors from unscrupulous activity - there is enough of that in politics and campaigns.

If you have any suggestions for improving our new protections let me or Lucy know right away.

I sincerely apologize for any concerns this may cause you, but I am absolutely confident that what was left in the recycle bin on Wednesday did not leak out.

I had already told the state party headquarters about this incident even as it was unfolding. Now, however, I am going to ask them to use us as an example of things that could happen to other county parties. Perhaps in that way they can find ways to resolve issues before the same thing happens to them that happened to us.

Deryl McCarty
Chairman,
Pierce County Republican Party
