A Peoria City attorney said she alone decided to wait more than a month to tell dozens of employees the city released documents containing the sensitive personal information in a botched Freedom of Information Act request.
A senior city attorney admits she alone made the decision to wait more than a month to notify dozens of city employees that their personal information — everything from Social Security numbers to credit cards and bank account details — was mistakenly released last December.
"I made that decision, and it was based on the fact that we knew who had the information. I did not believe the person who had it would use it inappropriately," Kimberly King said Thursday, a day after the Journal Star revealed an information breach that surprised City Council members.
King says personal information on 64 city employees was mistakenly given to another city employee when she used the Freedom of Information Act to request a list of all city employees covered under the American Federation of State, County and Municipal Employees (AFSCME) Local 3464 contract who participated in the city’s tuition reimbursement program between Jan. 1, 2001, and Dec. 31, 2007.
In addition to the request, however, the woman also was given information on fire and police employees, including Fire Chief Kent Tomblin.
The woman, who asked not to be identified for fear of retribution, is among those whose information was released. She initially asked for the information because her own tuition reimbursement was denied, and she’s aware of numerous other city employees whose tuition had been reimbursed.
"We were making the contact by phone and mail to whom the information was released," King said Thursday. "(AFSCME) was making that contact with the individual. My belief was the information was going to be returned, and when I was certain it would not be returned, we notified (those who were affected)."
But why the one-month wait, especially since King knew as of Jan. 16 the woman planned to keep the information until her issue was resolved?
King defended her timing, saying she was hoping repeated requests by both herself and the woman’s union would get the documents back.
"When I heard back from the union that they had asked for the information and were told no … that’s when I sent the letter."
She said if there was a threat that the information had been "widely disseminated," she would have sent a notification to those affected sooner. King said she mailed the letters Feb. 13.
King’s boss, city attorney Randy Ray, said Thursday he thought she had notified employees in mid-January.
"I knew there was a breach, but I guess I didn’t know that the letter wasn’t released," Ray said of a Jan. 15 letter that King drafted but never sent to employees. Ray refused to discuss that issue more, but he did stress: "It’s not fair to assume that mistakes like this have been made in the past."
Interim City Manager Henry Holling said he will work with King to make sure this doesn’t happen again by adding another layer of oversight before information is released.
Holling said he wants to reaffirm to each department’s FOIA coordinator "the gravity and seriousness" of their role in issuing information. He said he doesn’t believe department heads need to be involved in overseeing FOIA requests.
King said Holling or the City Council is in charge of determining if any disciplinary action is needed against those involved. Holling said he isn’t going to make any "knee jerk" reactions and will review this matter more before deciding what action needs to be taken.
"No question, a serious error was made," Holling said. "But I’m just as concerned about the sensitivity and the feelings and work effort in the future of those people who might have been involved."
King said one new safeguard is that all FOIA requests will now be reviewed by the city’s legal department.
Janet Tomlins from the city’s Human Resource Department admitted in an e-mail to the woman employee that "in asking a co-worker who is involved in that process to provide the information, I did not review it prior to giving it to you."
Council members who could be reached Thursday said the city needs to make sure more safeguards are in place to prevent future breachs.
"We need to make sure the communication is open and transparent to employees if this mistake occurs," at-large Councilman Ryan Spain said. "If a mistake occurs, we have to communicate to employees immediately."
At-large Councilman George Jacob said he is "very, very disappointed this happened. This certainly is not the way we should be handling information. Period."
At-large Councilman Eric Turner said he anticipates the matter will be discussed during Tuesday’s council meeting. He said he would like to see the city pay for an insurance against identity fraud that protects employee’s personal information.
"We made a mistake," Turner said. "To do nothing is immoral when it’s our mistake."
Mayor Jim Ardis did not return calls for comment.
Jennifer Davis can be reached at 686-3249 or firstname.lastname@example.org. John Sharp can be reached at 686-3282 or email@example.com.