Errant state email sends out personal info

State: Thousands of Social Security numbers accidentally emailed

The embarrassing disclosure that a state employee sent personal information about more than 4,000 people ricocheting across the Internet is the latest reminder that private data is not always as safe as it would seem.

The state Labor Department acknowledged Friday that an employee “inadvertently” sent the names, Social Security numbers and other confidential information of 4,457 people who had registered at the Cobb-Cherokee Career Center to about 1,000 people in suburban Atlanta.

Recipients were urged to delete the file minutes after it was sent out, the agency said, and people affected were told the state would provide them free credit monitoring services.

That’s no consolation for Stephen Bavington, 57, a systems engineer from Ball Ground. Not only was Bavington among those whose private information careened across the web, he also got the email containing the data. He was more than just surprised to open the attachment and find his confidential information within.

“I’m infuriated. There are privacy laws in this country,” said Bavington. “When I go to a government office to claim unemployment, I don’t expect the information to be transmitted around the planet. I want to know how this happened, and now.”

Labor Commissioner Mark Butler’s office said the file was mistakenly included as part of a “routine business service” email on Thursday afternoon, and was discovered within 10 minutes. The employee involved in sending the email was suspended pending the outcome of an investigation into how it happened.

The department also hired a consulting firm that specializes in information policy to review its procedures, spokesman Sam Hall said. But he cautioned there is little defense against this type of human error.

“It is important to note that this inadvertent disclosure, while unfortunate, is not a systemic issue, nor the consequence of an external breach of our data security measures,” he said.

Georgia residents have been on the wrong end of a recent string of high-profile data leaks.

University of Georgia officials disclosed in October that a hacker infiltrated the records of more than 8,500 current and former staffers. And Insurance Commissioner Ralph Hudgens said in November 2012 that hackers swiped the personal information of more than 28,000 residents after a computer breach at Nationwide Mutual Insurance Co.

Still, state officials say Georgia has sophisticated encryption policies to prevent the type of infiltration that took place last year when hackers breached South Carolina’s Department of Revenue and exposed 3.8 million Social Security numbers.

This week’s incident was different because it involved an absent-minded employee, not a malicious hacker.

All that is of little solace to victims of the Labor Department snafu.

“Clearly, everybody can make a mistake,” said Raymond Hickcox, who contacted The Atlanta Journal-Constitution after receiving the email. “Now that it’s out, what do you do to keep people’s information from being compromised?”

No one has reported any problems linked to the disclosure to state officials. But Bavington fears the leak could haunt him years from now.

“What are they going to do to protect me if someone picks up this information and tries to steal my identity?” said Bavington. “Who knows who got this stuff? If this winds up costing me money to fix, I’m going to be suing the Department of Labor.”