Computer disk with Personal information of Site employees lost

Computer Disk with Personal Information of Site Employees Lost

IDAHO FALLS - Personal information for thousand of current and former Idaho National Laboratory employees may be at risk.
The Department of Energy's Office of Health, Safety and Security said a computer disk containing information like first and last name, date of birth and social security numbers, was lost during shipment on January 30.
The DOE said the disk is password-protected and there is no evidence that the personal information on the disk has been compromised.
However, they are advising workers to take precautions to protect their identities.
The Office of Health, Safety and Security is working with UPS, which was transporting the disk, to recover the disk and make sure the data is secured.
Idaho's Congressional Delegation is calling on the Department of Energy for improved security measures regarding employees.
"It is unacceptable that information including Social Security numbers, date of birth and other personal data could be lost in this fashion," the Delegation members said. "We are encouraging the DOE to follow through on plans to protect the credit histories and other personal liability for the employees involved. In addition, we call on DOE to take the proper security precautions to ensure this kind of incident never happens again."
The information was originally generated by INL to support a medical screening program for former workers who could have been exposed to hazardous materials on the job. The data contained information on past and present employees who worked at DOE's Idaho facilities prior to 2006.
Idaho National Lab then provided this information without incident to Queens College, who is supporting DOE's Former Worker Medical Screening Program.
The Idaho National Lab transmitted the data requested by Office of Health, Safety and Security in accordance with the data protection standards of the Department at the time, and instructed the subcontractor of the Department's rules for protecting private data.
While in its possession, Queens College shipped a password-protected computer disk to another program contributor, the CPWR - The Center for Construction Research and Training, formerly known as the Center to Protect Workers' Rights, (CPWR), as part of the ongoing program. This computer disk was shipped overnight using UPS. On January 30, 2009, UPS notified Queens College that the package had been damaged in transit and its contents were currently missing.
Office of Health, Safety and Security is conducting an investigation of this incident to evaluate the adequacy of the procedures being used by contractors, subcontractors, and other program contributors for transmitting worker privacy information and for timely reporting of such incidents when they occur.
Frequently Asked Questions About Employee Information CD Loss
How do I know if I was affected? The lost CD contained personal information for anyone who ever was issued a badge to work at DOE's Idaho site from its inception in 1949 until the data was provided to DOE-ID in mid-April 2006. This includes employees of Argonne National Laboratory-West, the Idaho Cleanup Project, the Advanced Mixed Waste Treatment Project, interns, subcontracted employees and employees of other government agencies (NOAA, USGS) who were issued badges to work at DOE's Idaho facilities. It does not include employees at the Naval Reactors Facility, which has its own badging system.
What is INL doing to assist people affected by this? INL, DOE and its other contractors are attempting to notify by letter all current and retired employees to inform them about the missing CD and provide information for free credit alert and reporting services. INL also created a Web page to provide information.
Why did Queens College have this information? As part of the Former Worker Medical Screening Program, the Department of Energy must notify current and former employees that they may be eligible for medical evaluation. In April 2006, the DOE Office of Health, Safety and Security asked INL contractor Battelle Energy Alliance (BEA) to provide information for all employees who had worked at DOE's Idaho facilities. BEA provided information about anyone who had ever had a badge at the site, from its inception until the date of the request.
This information was provided to the Center for Construction Research and Training (CPWR, formerly the Center to Protect Workers' Rights) and Queens College, which the Office of Health, Safety and Security had hired to manage the construction-worker and non-construction-worker aspects of the program, respectively. In January 2009, those organizations prepared to send out a second mailing by revisiting the data to remove people who had already enrolled for medical screening. Queens College informed DOE and INL that it had mailed a password-protected CD containing Idaho employee and subcontractor data to the CPWR via overnight commercial delivery. When the package arrived at CPWR, it had been damaged - the disk had been separated from its case, was not inside the package and has not been located.
How many employees were affected? Data for approximately 59,000 people was on the CD.
What information was on the CD? First and last name (in some cases middle initial), date of birth, Social Security number, badge number, employer, separation date.
Why was such sensitive information needed to send people a letter? The Internal Revenue Service maintains the most reliable current address information, so Social Security numbers were used to ensure that everyone who has ever worked at the Idaho Site received Former Worker Medical Screening Program letters.
What should I do if my information was on that CD? You can register for free credit report monitoring through www.annualcreditreport.com, the federally-mandated site sponsored by the three credit reporting agencies, Transunion, Experian and Equifax. The law entitles individuals to one free credit report from each agency per year. Employees can also place a 90-day "fraud alert" on their file through the above site or by calling one of the credit reporting agencies directly at the numbers listed below.