Regards,
Norm
http://www.kentuckyconnect.com/heraldleader/news/0809/fweb.html
---------- forwarded message
> A Web site accident
>=20
> Education Department posts personal data
>=20
> By Lucy May
> Herald-Leader Education Writer
> --------------------------------------------------
> The Kentucky Education Department accidentally
> posted the names, addresses and bank account
> numbers of 20 Oldham County school district
> employees on the World Wide Web.
>=20
> Education Department officials are not certain how
> long the information was posted on the
> international computer network, but it was
> probably there for more than a month, said Jim
> Parks, a department spokesman.
>=20
> The information was removed yesterday afternoon as
> soon as Education Commissioner Bill Cody found out
> there was a problem, Parks said.
>=20
> "It was an error that occurred apparently as a
> result of somebody not following a procedure that
> was in place," he said. "We're going to re-examine
> all the policies and procedures surrounding the
> whole thing."
>=20
> That comes a little late, however, for Timothy
> Pfaff.
>=20
> Pfaff, a bus driver in Oldham County, was one of
> the employees whose name, address and bank account
> number were posted in a training document on the
> Education Department's Web site.
>=20
> "I'm a little shocked," Pfaff said when told by a
> reporter that his name, address and bank account
> had been posted on the Web. "I'm just wondering
> how it could be used by some devious person."
>=20
> In fact, it would be tougher for a criminal to do
> harm with a bank account number than it would with
> a Social Security number, said Ed Evans, a
> spokesman for the FBI in Louisville.
>=20
> A person's name, address and bank account number
> typically appear on every check he or she writes,
> Evans said, so thousands of people get access to
> that information each year anyway.
>=20
> It would take someone who knew how to counterfeit
> checks to be able to do damage with the bank
> account information, said Beth Givens, project
> director of the Privacy Rights Clearinghouse at
> the University of San Diego in California.
>=20
> "It's still pretty bad," she said of the
> department's mistake. "Just the fact that they
> posted names and addresses is bad as far as I'm
> concerned."
>=20
> In an effort to make amends, department officials
> were planning to call all the employees who were
> affected last night, tell them what happened and
> apologize, Parks said.
>=20
> The department also will send written notification
> to the employees and apologize in writing, he
> said.
>=20
> And the agency plans to examine all its procedures
> for posting information on the World Wide Web,
> Parks said.
>=20
> Although state officials still aren't exactly sure
> what happened, here's what they think occurred:
>=20
> Officials at the education department were posting
> reports on the Web to try to help school district
> officials figure out a new statewide accounting
> system.
>=20
> They wanted to make the reports look as realistic
> as possible, Parks said. So the idea was to post
> the reports with real names but to scramble the
> other information so none of it matched with the
> names, he said.
>=20
> Instead, someone from the department used the
> actual names, addresses and bank accounts in the
> reports, Parks said.
>=20
> The reports were posted on the Web between April
> and June and were removed yesterday afternoon as
> soon as Cody found out about it, Parks said.
>=20
> Office of Education Accountability Director Penney
> Sanders said she alerted Cody of the problem as
> soon as her office verified that accurate
> information was posted on the Web.
>=20
> Sanders, whose office serves as a watchdog over
> the department, said she was pleased that the
> department reacted immediately once her office
> notified it of the problem.
>=20
> "Our concern is that there wasn't appropriate
> oversight to make sure this didn't occur in the
> first place," she said.
>=20
> Parks said once the department has apologized to
> all the people involved, officials are going to
> look into exactly how the mistake happened and who
> did it.
>=20
> The good news was that it was difficult to
> actually get to the information on the Web, Parks
> said.
>=20
> "It wasn't something that was just bang, bang and
> you got to it," he said.
>=20
> * * *
>=20
> Herald-Leader news researcher Linda Minch
> contributed to this report.
> --------------------------------------------------
> All Contents =A9 Copyright 1996 Lexington
> Herald-Leader. All Rights Reserved