Nevada tightens payroll security
- By Trudy Walsh
- Nov 14, 2007
Nevada is stepping up security procedures for handling state payroll data as a result of a security breach.
Under the new procedures, disks must be signed for and returned to the personnel department after each pay period. Passwords will be required to read data stored on CDs. And state employee information will be correlated to unique employee identification numbers instead of Social Security numbers.
For the past three years, Nevada's personnel department delivered CDs containing employees' payroll information ' including Social Security numbers ' to more than 80 agencies for every two-week pay period. Agencies' financial officers would reconcile this payroll data against their own. The personnel department sent out more than 13,000 CDs over three years.
Jim Elste, former security manager at Nevada's Department of Information Technology, found out in June that there was no system to track the CDs and that the data was unencrypted.
Nevada officials said more than 470 CDs are missing. There have been no reports of identity theft as a result of the missing disks.
Elste says that his attempts to alert the state about the problem led to his being fired. He is appealing his termination, basing the appeal on whistle-blower statutes.
Elste argued at an administrative hearing that the missing CDs should have prompted a breach notification from either the personnel department or the attorney general, letting employees know that their information may not be safe.
Trudy Walsh is a senior writer for GCN.