Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 24, 2011. Also cited in 208 other reports.
Report ID: SPE000000066091, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Boise, ID
Issue:
Employee A authorized Human Resource (HR) Department to release their personnel record to their attorney. In the process, Employee A's spouse's (Employee B) personnel records were also released. Employee B is also a VA employee. The HR record went to one person (Employee A's attorney) but Employee B did not authorize nor was it relevant to the case. Employee A's record with name on top was picked up and HR staff did not know that Employee B records were also there. Update: 08/25/11:It was confirmed from HR that both the DOB and SSN were on the documents released, therefore Employee B will receive a letter offering credit protection services.
Outcome:
Human Resources had already started implementation of process changes at the time of our meeting with the employee. HR is being notified of the need for action on releasing the information without validating each page that was being released prior to releasing.