Bullying is not an appropriate breach response

I recently posted what I considered to a stupid lawsuit – one where the party that had a breach sued the hapless recipients of the breached information.

Today I found another example of bullying and threats in response to a breach.  It seems that an employee of Tooele County made an error years ago and misfiled documents with about 200 employees’ names and Social Security numbers in one employee’s file.  Years later, when that employee retired and requested a copy of his files, they scanned everything that was in his folder – including the misfiled documents – and sent it to him on a CD.

The recipient contacted the state’s attorney general when he realized what he had been sent because he was concerned that if he just turned the CD over to the county, the breach might get swept under a rug.  The AG’s office wouldn’t accept the CD, however, and referred him back to the county. And then, according to the Salt Lake Tribune:

“We contacted the AG’s office, and they then contacted Mr. Brozovich and essentially told him what he could be facing,” [Public Information Office Wade]Mathews said.

Brozovich was advised that he could be charged with a felony — punishable by up to five years in prison — if he kept the identifying documents he knew he wasn’t meant to have.

“We appreciate his cooperation and that of the AG’s office,” Mathews said, adding that no charges would be brought against Brozovich.

Why was there any need for the county or AG’s office to threaten the recipient when he was obviously trying to do the right thing?

Enough already, folks. Stop the bullying. Stop the threatening. If you screwed up, apologize,  profusely thank the person who contacted you, and offer to come retrieve the information at their earliest convenience.

About the author: Dissent

Has one comment to “Bullying is not an appropriate breach response”

You can leave a reply or Trackback this post.
  1. IA Eng - March 29, 2013

    Next time, simply smear it via the press. Since the AG can’t handle taking the CDROM and shreding it, maybe they will have better luck at dodging what other issues they may have ignored in the past. like anything else – if there is one count of neglect, there are bound to be many more.

    The threat seemed more like a “don’t bother us with trivial matters son ! We have other pressing matters to attend to…”

    Many are bound to ethical behavior – NOT pathetic behavior. All it would have taken is 15 minutes of some ones’ time to take the CDROM, listen to him and he would have walked out. No harm no foul. So you’d miss 15 minutes of your favorite soap opera. wooopie.

Comments are closed.