Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Kathy Otermat GDPUD Meeting Transcript

Kathy Otermat GDPUD Meeting Transcript

|Views: 114|Likes:
Published by evelynvdr

More info:

Published by: evelynvdr on Sep 04, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Transcript: GDPUD Special Meeting August 21, 2012
: Special Meeting August 21, 2012
Georgetown Divide Public Utility District
Call the meeting to order. It’s about 2 minutes after 6.
 (Pledge of Allegiance)OK, start out, I guess, the #2 on the Agenda is the adoption of the Agenda. Entertain a motion toadopt the Agenda unless there is anyone has anything to add to it? (Moved by Krizl, seconded byNeeley) Moved and seconded to adopt the Agenda as submitted? Public comment? All in favor sayAye. AYE. Now since I have
to read this I’d better get my glasses
on. Public Forum. This is aSpecial M
eeting under Gov’t Code Sec 54956, and there’s a “3” missing from there. Public comment
is limited to items appearing on the Agenda, Under Section 54954.3 the public shall have the right tocomment on either any items appearing on the Agenda prior to or during consideration of the items.Public comment on items not appearing on the Agenda should be made at the regular meeting of theDistrict. So, would anybody in the public like to comment before we begin? (No comments.)
a first! Ok, moving along.
Consideration of complaints found by StationaryEngineers Local 39 and district employees concerning removal of private and confidentialinformation from the district office, letter from District Counsel and related issues.
There’s a
Section A and B basically having to do with this. I guess this came about initially . . . I got a lettervia email from Bill Wright regarding Kathy as Treasurer
requested some backup information forchecks that she was to sign on August 8
. And as a consequence there was allegations at least of copies or photographs made of personal personnel information, and then of course that left whenKathy left. So, there are several requests, both from the local Union and from our Counsel.Basically this had to do with removal of information, and I think the copy of the letter that Bill wrote
is only the first page of that. It’s on the back. So maybe the way
to do this is just to read that into therecord, and this was sent on August 14
. And this is regarding the removal of confidentialinformation from the GDPUD office, and the letter written by Bill to Kathy Otermat.
We have received several complaints from GDPUD employees who saw you onWednesday, August 8, 2012, apparently copying and photographing personal employee information
and confidential GDPUD information, which you had requested to review as “backup” information
or checks you signed in your capacity as treasurer of the GDPUD Board of Directors. As you have no authority to remove confidential information from the GDPUD premises, we are
extremely concerned about the security of our employee’s personal information and other 
confidential GDPUD information.
 Please provide a written explanation of your purpose in requesting access to the “backup
information and an explanation and description of what information you copied, transcribed or hotographed.Please also provide a copy of every piece of information that you transcribed, either electronically or by hand, and provide copies of all photographs you took at the GDPUD office on August 8. In addition, please provide an explanation, description and copies of all employee information,
Transcript: GDPUD Special Meeting August 21, 2012
invoices, and other documentation you have requested as “backup” in your capacity as treasurer of 
the Board, which you have copied, transcribed or photographed in the GDPUD office at any time inthe past. -
This is written by Bill Wright.On the 13
there was apparently received a letter
and I didn’t
get a copy until sometime later -from Chuck Thiel from the Stationary Engineers Local 39 International Union of Operating EngineersAFL-CIO, and this is addressed to the Board of Directors.
It has been brought to our attention that on August 8, 2012, Ms. Kathy Ottermat (sic), inher capacity as Treasurer of the Georgetown Divide Public Utility District, took photographs withher personal camera, pictures of documents containing employee social security numbers and other sensitive data protected by State and Federal privacy laws. Now while within her capacity asTreasurer she may have access to that information, taking personal photographs of this dataeopardizes its security and exposes the District to immense liability. This action, while not illegal,
was extremely foolhardy and thwarts the District’s attempts to protect such private informationwithout negating the District’s liability and legal obligation to protect such information. If Ms. Ottermat’s (sic) camera, SD card or computer are lost, stolen or used by someone other than
an authorized District employee (i.e. Photo processor, computer repair service) a data breach willoccur and the law requires employer to take certain actions to minimize the possibility of identitytheft. I would suggest that the Board of Supervisors
(sic) consider taking steps to restrict suchactions from happening in the future and that Ms. Ottermat (sic) be ordered to destroy all copies of rivate employee information in her possession immediately. Furthermore, due to this bizarreviolation of normal business practices, we are asking the District to take proactive steps to protect employee information through the purchase of an identity theft protection service such as LifeLock.
 Industry professionals state that a person’s identity should be monitored for at least 18 months due toa “data beach” and the District should purchase such a plan for at least that long.
 Thank you in advance for taking effective steps to prevent any reoccurrences of this type and takingappropriate action to prevent any harm caused by this data breach of private information. Pleasenotify me of the District intentions no later than September 14, 2012
.So as a consequence of 
this it seems like there’s three actions the Board can consider, and how we dothis I don’t know. But, take steps to destroy or otherwise eliminate all copies of private and employeeinformation. Since this exists in digital form I think that’s basically
impossible. Second, protectemployees by purchasing LifeLock or something equivalent to that, for 18 months. And, then, three,prevent similar actions in the future. So, I guess the question is: What do we want to do with this?The action of purchasing LifeLock or some other thing for the employees to prevent this personalinformation from ever being released seems in my opinion a minimal thing, and also preventingsimilar actions in the future.
Could we ask Hank to describe what the employees have had to do or the impact upon them, oncethey realized that things were being photocopied?
Can we also talk to see if the allegation is even true?
Well, the issue is . . . we can go into that, but the issue being, if that was an issue, this is a week later.
It’s not a week later.
Transcript: GDPUD Special Meeting August 21, 2012
It’s a week from the time the letter was sent out.
I would like us to present everything, and then Kathy rebut everything.
You’d rather have the lynch
ing and then the investigation?
Yea, let’s put this in terms of 
the most apt to get people throwing brickbats at us. That would
certainly help things. (Speaking to Kathy) I didn’t do this, you did this.
I’d like to hear what’s
happened with the employees. Have they had to make changes, take steps, etc?
Can I add to that?
Chuck’s letter talks a little
bit about the procedural issues. Talk a little bit, if youwould, about the liability concerns that the District has and why the District has to take certain stepsto protect the employees in the event of a
breach of their personal information and security.And the responsibility that the District has to take in order to minimize that, in order to protect theDistrict, and the employees.
I think Bill can speak to the legal requirements of the District protecting the employees. But if thereis a security breach, the District is required to take certain steps. What has happened at this point issome employees have signed up for LifeLock coverage. Reports have come back to me of flaggingtheir bank accounts or freezing their bank accounts or savings accounts, or other activities that theymay have spoken to me, include contact with PERS to just get information about what could happen.
I haven’t kept a log of everything every individual has done. We have met several times to discuss
what their actions may be. And if the employees would like to comment on the different things theyhave done, that would be fine
. That’s what I know at this point in time.
When I was Treasurer and signed checks, similar to what Kathy is doing now, I never asked for thebackup for the personal employee deduction stuff because I thought that was kind of their private . . .So the three particular checks that some of the employees told me concern them is, one to Aflacwhich handles the insurance separate from what the District provides. Employees are entitled to signup for additional stuff if they pay for it. The checks in question were the District forwarding to the
Union the insurance or PERS the employee deductions, so this was not the District’s money going outthe door. This was our responsibility to pay for all the things that are deducted from the employees’
cks. When I came in to see what the invoices looked like to have some idea of what we’re talking
Is it a big thing, a little thing?
for example, one of the invoices to the insurance showed each
 person’s name, their social security number, the k 
ind of insurance they wanted, and then the charge.And, so, I think the alarming part to employees, without knowing what, if or why, is that socialsecurity numbers and their name, once leaked, never really come back. They can be sold, people cando t
hings. I mean, it’s scary, because with computers you don’t know what can be done. Maybe
nothing can be done. Maybe she just took it and took it home, but what if? And so, the biggest
question is “
What if?
What if somehow the information slipped out?”
because each of the formsshowed exactly the person, the kind of insurance, even their accounts for additional retirementseparate from PERS. Like we talked about in the past about people questioning bills, ICMA account,
that’s a separate retirement th
ing that he contributes to, but we forward his deduction. So one of thechecks was to a company that handles these various additional retirement accounts. Again, socialsecurity number, name and the amount the person is contributing to these various kinds of things. Soeven if the information is never leaked,
very private. People expect that information to be
 protected. I think half the employer laws require that we protect certain things. We certainly don’t
give out social security numbers and names and lists. I understand some of the employees are reallynervous because some of them have been stuck in this situation before where an ex-wife or an ex-friend or something gets mad at you, takes your information, messes with your credit. So it
’s just the

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->