Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Phoenix VA Health Care System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 18, 2014. Also cited in 102 other reports.
Report ID: PSETS0000106750, U.S. Department of Veterans Affairs
Reported Entity: PHOENIX AZ - 644
Issue:
Today, 07/18/14, a VA employee reports to the Privacy Officer (PO) that her leave donation form with personally identifiable information (PII) was emailed without her permission to the leave recipient and his/her timekeeper. The sender told the employee that the recipient is entitled to a copy of the donation form and the timekeeper should maintain the form on file for audits. The employee was told that anonymous leave donation was not permissible. The employee is aware that name, position title, and office telephone number on form is not protected information. She questioned why this other personal information was disclosed: full Social Security Number and leave hours accrued/forfeiture projected. There is a Privacy Act statement at the bottom of this OPM form. Additional notification and investigation, to ensue.
Outcome:
07/21/14: The PO discussed with Human Resources (HR) Chief. She has assigned this to a new staff member for investigation and discussion with PO. 07/22/14: The Data Breach Core Team determined that a general notification letter would be sent to the employee.