News Group chief responds to Berkeley privacy breach

The Bay Area News Group maintains a database of public employee compensation records. Click the image to search the database.

The Bay Area News Group maintains a database of public employee compensation records. Click the image to search the database.

Following this week’s disclosure by Berkeley city staff that roughly 11,000 municipal employee social security numbers had been erroneously divulged to a local media outlet in March, the media outlet’s managing editor said Tuesday that he doubted the data could have been compromised, though it had been “passed around” by employees over email.

Bert Robinson, managing editor for the Bay Area News Group, said the news outlet collects public employee salary and benefit information each year for an online database that is “very popular” on the company’s website. Reporters send 900 requests each year to public agencies to collect data for the project. Robinson said this was the first year “usable information” had been received from Berkeley.

Berkeley City Manager Christine Daniel said April 19 that her staff had responded to the Bay Area News Group (BANG) request in March, then realized in early April that social security numbers had been mistakenly included in the file. City staff let BANG know about the error, and BANG agreed to destroy the information. Last week, the city sent letters to about 2,000 active staff members to let them know about the security breach; this week, the city plans to send another 9,000 letters to retired employees whose data was included in the file.

Bert Robinson, managing editor of news at the San Jose Mercury News. Photo: Courtesy of Patrick Tehan/Mercury News

Bert Robinson, managing editor of news at the San Jose Mercury News. Photo: Courtesy of Patrick Tehan/Mercury News

(Robinson said Tuesday that BANG had only asked for data for current employees when it requested information from Berkeley.)

Robinson said BANG asks public agencies to send back a spreadsheet or data file that includes a particular set of information in it when they turn over their data. Berkeley “did not give us a data file that was in the format that we requested. I assume they just did what was easier, to give us an existing data file that they had. They didn’t notice when they sent it to us that it had all these social security numbers in it.”

And neither did BANG, said Robinson. Berkeley city staff discovered the problem before BANG realized what was in the file, then asked BANG to destroy the data.

“We said, ‘Sure.’ We don’t want the social security numbers,” he said. “We’re not trying to steal anyone’s identity. We just want to put salary and benefit information on the web.”

Robinson said BANG consulted its internal technical team to find out how to eradicate the information from its servers altogether.

“The material was on our system and had been passed around,” he said. “We asked them, ‘How can we purge this data file completely from our system?’ They told us what to do and that’s what we did.”

Robinson said it was primarily two staff members, who collaborate to build the database, who would have had access to the file, which had been emailed by the city of Berkeley to BANG.

He said he didn’t think it was likely that a hacker would have been monitoring BANG’s servers to find social security numbers, as it’s not the kind of data that would typically be stored on a newspaper’s computer system.

“It was only in our possession for a very short period of time,” said Robinson. “The people who have social security numbers stolen tend to be from companies who maintain databases of social security numbers. You can understand how someone would go hack the bank because they know the bank has certain kinds of records. But these are not the kind of records we would normally have, so it doesn’t seem logical that a hacker would have thought to look for them.”

Berkeley shared SSNs from 11,000 current, past staff [04.23.13]
City apologizes for inadvertent release of employee SSNs [04.22.13]

Would you like a digest of the day’s Berkeley news sent to your inbox? Click here to subscribe to Berkeleyside’s free Daily Briefing.

Print Friendly
Tagged , , ,
Please keep our community civil. Comments should remain on topic and be respectful.
Read our full comments policy »
  • bgal4

    >Robinson said this was the first year “usable information” had been received from Berkeley.

    that was my recollection, Berkeley data has never been included till this year.

  • EarlyMorningCoffee

    Dylon Craig is grossly underpaid.

  • Zelda Bronstein

    2010 data for Berkeley was posted on the BANG website. It’s still online. Nothing for 2011, though.

  • Judy

    Why not have Berkeleyside post this information too??? It would be a wonderful service to Berkeley residents to know how much City employees are being paid. I would like to know TOTAL compensation including overtime, medical, dental, YMCA, etc.

  • Bill N

    There is a link to the Mercury news article. Though I don’t see Berkeley posted yet. It does list all employer paid items though – I looked at EBMUD for example.

  • Judy

    Thanks Bill but people are lazy and don’t always look at links. I think Berkeleyside should ask for it and readers should demand it. Readers will see all the gaps in the information Berkeley provides compared to other cities such as OT and “other”. The City counts on the ignorance of its citizens not having the full accounting. Usually only the salary is provided and not the extra 50% or more on top of that for pensions and health care (not including overtime).

  • guest

    Judy, great question for Emilie! Emilie please help us get that posted on Bside!!!

  • guest

    How delightful to see our surly, overpaid city employees bite themselves in the sax by the very kind of lazy, ‘could care less’ response they hand out to us daily.

  • BerkeleyMom

    Well said!

  • guest

    To: Emilie Raguso…

    As you are keenly aware, providing your readers important information which is difficult to access as individuals is a critical responsibility of any news outlet, Berkeleyside included.

    Your crime reporting at Berkeleyside has encouraged many to adopt an awareness of our surroundings in public and the home security practices advocated by the BPD.

    Now we are asking for your help in posting already public information to help raise our awareness of our city’s and school’s costs and allocation of our taxes. Please post both the City of Berkeley and BUSD salaries as well as BSEP’s budget (with individual program costs. )

    Posting those public documents, here in the bright light of Berkeleyside, will have tremendous effect in empowering our community’s progress.

  • emraguso

    We’re definitely going to make an effort to do so.

  • Brad Johnson

    The problem, which nobody seems to be talking about, is that Berkeley city staff should not have access to that information in the first place. In an organization the size of the city, very few employees should be able to access full SSNs. And *nobody* should be able to get that information in an portable format.

    In other words, the fact that error could even occur is the problem and the city needs to do an audit of their information infrastructure. If I was a city employee I would be very upset.

  • Brad Johnson

    Building a tool to display this information is quite expensive. The full complexity and cost behind these things we take for granted is usually hidden to users. As a developer I constantly run into the expectation that building stuff for the web is about as complex as making a spreadsheet. It’s not.

    This *is* the kind of thing journalism orgs should be doing, but it’s often a very expensive endeavor that competes with staff salaries in terms of costs.

  • guest

    How delightful to see you paint every City of Berkeley employee with the same brush.

  • Judy

    It is not expensive and it is not complex. This is run-of-the-mill stuff. I work with very large and complex databases professionally and interface with statisticians every day. What BANG was requesting should not take very long to program especially given the limited amount of data requested. It’s only expensive if you don’t have a competent person who can generate it. Anyhow, why can every other city in California provide these data year after year but not Berkeley? Berkeley provided it a few years ago but then decided to stop. It is stonewalling.

  • guest

    Thank you very much.

  • guest

    Every one? No, just every one I’ve ever dealt with.

  • guest

    We’ve been asking for a performance audit of city departments by an outside party for years. The cost: a lot less than we waste a month. The benefit: Exposing home grown and well connected city staffers who’ve been bumped up the ranks – all entitlement and no talent…and oblivious to best practices used elsewhere.

  • guest

    “Building a tool to display this information is quite expensive”

    Not nearly as expensive as not having it displayed.

    “…but it’s often a very expensive endeavor that competes with staff salaries in terms of costs.”

    Competition (or lack of it) is precisely the problem! Without BANG’s reports we have no way to see what the salaries are and how they compete within the marketplace.