Date disclosed

City employees’ personal data disclosed

Long Beach Police Dept. investigating security breach affecting 500 workers

Posted

Some 500 city employees had their personal data disclosed when the state Civil Service Commission sent documents to two unnamed people in October, and the Long Beach

Police Department has launched an investigation into the

security breach.

The information was disclosed when the state commission responded to requests for personnel documents filed through the Freedom of Information Act, mailing two people disks containing employees’ personal data, such as Social Security and driver’s license numbers and home addresses, which the commission thought it had removed.

“Unfortunately, through an error here, the disks were sent out before the information had been properly redacted from the documents,” said David Ernst, a spokesman for the commission.

While the state declined to reveal the identity of the two people who made the requests, Ernst said the information on the disks had been compiled by the Long Beach Civil Service Commission and sent to the state commission in response to complaints about the city commission’s operations. The state commission is reviewing that information as part of an ongoing investigation into the Long Beach commission.

In October, when one of the recipients realized that the disks contained personal information, she alerted the state commission, Ernst said. “The individual that was in a position to misuse the information instead told this department, pointed out the error and immediately returned the disk to us,” he said. “We think that person was operating in good faith and have no reason to believe otherwise.”

The state commission contacted the second individual to tell her about the mistake, and she returned a disk unopened, Ernst said.

The state commission notified city employees about the security breach in a letter dated Nov. 13. Written by Information Security Officer Gail Berley, the letter stated that the agency had "investigated and found no reason to believe that any of the personal information was viewed by anyone other than the person who reported the incident to us. Nor do we believe that any of the information has been used for any improper

purpose."

Page 1 / 2