P2017-ND-079

On July 31, 2016, an employee of the Organization mistakenly saved an electronic spreadsheet containing the information at issue to an internal public server accessible to all employees of the Organization. The spreadsheet was exposed for approximately one day from July 31, 2016 to August 1, 2016. The incident was discovered on August 31, 2016. The Organization reported at least two employees accessed the spreadsheet and shared the personal information with other employees, including local union representatives. The Organization later discovered that some employees printed and/or saved the spreadsheet, and shared it externally with their union association. The Organization contacted the union association and requested the spreadsheet be destroyed and not further disseminated.

File Type: pdf
File Size: 330 KB
Categories: 2017