Establishing Digital Trust: Don't Sacrifice Security for Convenience
District CFO Mike Perrone told the Ledger that the data was included in a large document that shouldn't have been stored online. The document, first created in 2000 and updated periodically, was a salary schedule -- while only the summary page was supposed to have been posted online, an employee inadvertently uploaded the full document two years ago.
The error wasn't discovered until March 12, 2014, when a member of the public came across the data and notified Polk County Manager Jim Freeman.
The file was removed on March 13, 2014.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Of the 183 searches conducted on this file in the two years it was posted, it is probable that in 28 percent of the searches, the person conducting the search may have viewed the file," Superintendent of Schools Kathryn LeRoy wrote in a notification letter to affected employees.
The district is spending $18,500 to provide all those affected with one year of free identity protection services from LifeLock.
In a similar incident in 2013, the Ledger notes, the district sent about 200 tax forms, including Social Security numbers, to the wrong students. The district also paid for one year of free identity protection services for all affected students following that incident.