State Senator Mary Lazich (R-New Berlin) represents parts of four counties: Milwaukee, Waukesha, Racine, and Walworth. Her Senate District 28 includes New Berlin, Franklin, Greendale, Hales Corners, Muskego, Waterford, Big Bend, the town of Vernon and parts of Greenfield, East Troy, and Mukwonago. Senator Lazich has been in the Legislature for more than a decade. She considers herself a tireless crusader for lower taxes, reduced spending and smaller government.
Between December 2006 and January 2008, state government suffered three breaches of privacy when Social Security numbers were exposed to the public.
During January 2008, I blogged, “A third breach of privacy in just over a year also occurred this month with a portion of 5,000 taxpayers in northeastern Wisconsin having their Social Security numbers exposed in a state mailing. A folding error enabled some of the recipients' Social Security numbers to be seen in the windows of envelopes containing federal 1099-G tax forms.”
I remain unable to fathom a situation that it is necessary to publish the Social Security number of any recipient of a state service. The third breach of privacy that occurred earlier this year led to a review prepared by the state’s highly-regarded Legislative Audit Bureau (LAB).
Since April 2008, state law has directed the LAB to establish a toll-free hotline to take reports of fraud, waste, and mismanagement in state government and to investigate reports received through the hotline. The LAB started its investigation of the January 2008 breach of privacy in response to complaints that the state Department of Administration (DOA) had not used proper oversight of contract staff provided by Spherion for print and mail services. Complaints raised questions about workplace safety, a hostile work environment, and false billing hours. DOA reported that Spherion staff failed to notice the folding error that led to up to 5,000 tax forms mailed with Social Security numbers visible through envelope windows.
One of the LAB’s findings is unfortunate. The LAB discovered that the state’s contract with Spherion did not include any provisions to collect damages for instances like the breach of privacy.
The LAB writes, “The contract had no specific liquidated damage provisions, and DOA did not elect to pursue breach of contract damages from Spherion to pay the cost of addressing the security breach, including the cost of credit monitoring for affected taxpayers. DOA noted that it was not appropriate to require Spherion to pay for credit monitoring because it believes Spherion’s overall performance has been satisfactory and the number of documents affected represented a small percentage of the total number processed.”
As for preventing future blunders, the LAB writes, “DOA indicated that it has developed standard contract terms and conditions related to imposing liquidated damages and requiring contractors to pay the costs of security breaches for which they are responsible. It plans to encourage state agencies to incorporate these provisions into future contracts, where appropriate.”
The state’s contract with Spherion expires June 30, 2009, and DOA has begun a process to solicit bids during October or November of this year. The LAB calculates as much as $616,500 could be saved in the five-year period from fiscal year 2009-2010 through fiscal year 2013-2014 if state staff filled all print and mail positions currently filled by contract staff.
The LAB recommends that if DOA continues to contract for some or all print and mail staff in the future, billing procedures should be formalized, contractors should be prohibited from billing for time new staff are trained, and contracts should include standard provisions for damages if private information is disclosed.
The LAB did not substantiate any complaints about workplace safety, a hostile work environment, and fraudulent time recording by contract staff.
Here is the complete LAB report.
I commend the LAB for another outstanding review on behalf of Wisconsin taxpayers.