Lee Schools releases thousands of social security numbers by mistake
FORT MYERS - The Lee County School District says there was "no breach at all" after mistakenly sending Fox 4 the names and social security numbers for thousands of district employees including teachers and bus drivers.
"There should be some type of recourse over this," said Lee County school board member Don Armstrong.
Fox 4 routinely puts in public records requests to get you answers and track where your tax dollars are going.
For security reasons, there are some things the district won't cough up - like school bus surveillance videos to protect kids on board or employees' personal information.
But when we began researching the district's finances we received a CD, which we paid .50 for, that contained invoices from 2009. Anybody who expensed something and received a paycheck that year is on the list - along with something else that should have been redacted: social security numbers.
"That's probably the most serious piece of personal information that you have is your social security number," said Larry King with the Lee County Sheriff's Office. "It's extremely serious when it gets out to the public."
To make sure we were looking at social security numbers Fox 4 called a few teachers on the list who confirmed it was their personal information. Several teachers said they were angry their private information had been released to us.
"As simple as they gave it to you yes" it concerns me, said the husband of one teacher who didn't want to be identified. "Somebody's not doing their job whoever gave you this information."
That information was redacted in a similar 2008 report posted on the district's Web site.
So why wasn't that done with the 2009 report, which isn't posted online?
'No breach at all'
"First things first we want to return this to you," said Fox 4 reporter Matt Grant after handing the CD back to school district spokesperson Joe Donzelli last week.
"Thank you sir," said Donzelli. "I appreciate it."
When the disc was in Fox 4's possession we did not make copies of it nor did we share it with anyone else. The disc was kept in a secured location locked up at all times.
But what if we hadn't noticed the social security numbers and threw the disc out?
"This seems like a massive privacy breach," said Grant.
"I wouldn't go that far," said Donzelli. "Simply because the only people who received it were you. And unless you did anything illegal with it it's no breach at all."
Donzelli says he discovered the mistake around the same time we did. He says the district used to identify employees by their social security numbers for payment purposes but says that's no longer the case.
"How could this happen?," asked Grant. "It seems like somebody didn't do their job and didn't redact this."
"I would agree with that," said Donzelli. "Simply the individuals that cut the reports that provided them to me were operating under the false assumption that social security numbers are not part of any reports."
"We're human," said Donzelli. "People make mistakes."
But Armstrong says this is more than a mistake it's a breach of trust.
"This should have never happened," said Armstrong. "It's unacceptable."
The district isn't punishing anyone. Instead they are using this as a "learning opportunity." Because of what happened, Donzelli says they are putting in place a new public records policy to make sure every report released to the public and the media will be double checked.
"It was a mistake," said Donzelli. "Thankfully it's contained. And we're going to make sure it doesn't happen again."
Read the district's letter regarding this incident sent out to faculty members here
Matt Grant, Reporter