Robert A.

Ficano
County Executive

March 19, 2012

Dear Employee, As you may be aware, on Friday, March 19th personal information was mistakenly released as an attachment to an email to members of AFSCME Locals 25, 101, 409 and 1659. Unfortunately, this information included names, employee ID numbers, social security numbers, birth date, address and other information for all AFSCME members in those specific locals. This letter is to outline what happened and the actions our office has taken, thus far, to mitigate any potential exposure to you as well as our next steps in protecting your identity. What Happened After discussion with AFSCME leadership, the County agreed to extend the special enrollment period for healthcare changes resulting from recent contract changes. Notification of the enrollment period was to be primarily via email using the County (internal) and personal (external) emails identified in the County human resource information system. The email that was prepared to be sent was to have included a copy of the letter explaining the extended open enrollment, the benefit summary / comparison and the necessary forms. In pulling together the documents to be sent, the spreadsheet which contained the email addresses for each employee as well as the personal information indicated above was mistakenly attached to the email. The file containing the personal data was an internal working file and never meant to be sent to or viewed by anyone except the sender. This email was sent from benefits@co.wayne.mi.us. Our Response In response, our office took the following steps: 1. 2. 3. 4. Immediately recalled the email message through Outlook. The Department of Technology then confirmed that the majority of external emails were not sent due to our internal controls of large emails. Purging this email from the system will continue. A follow-up email went out indicating that the file had been sent in error and directing that the email be deleted immediately. We began the process of securing identity theft insurance / monitoring services for each of the employees whose information was compromised and have been successful in finding a company to provide coverage retroactively to the date the information was released in error (Friday, March 16, 2012).

Next Steps We are now focusing on enrolling each affected employee in the identity theft insurance / monitoring program. The County expects to automatically enroll all employees whose information was compromised before the end of this week. Further information regarding enrollment will be sent either from our office and/or directly from the service provider. Our office also hopes to set up presentations through the Wayne County Sheriffs Office and/or Michigan State Police to help employees understand identity theft and related fraud better and to learn how to best protect themselves under the circumstances.

DEPARTMENT OF PERSONNEL / HUMAN RESOURCES 500 Griswold Street, Suite 900 Detroit, MI 48226 (313) 224-7721 (877) 220-7721 Fax (313) 967-1228

Important to note, our office is currently reviewing our privacy policies and procedures to make sure that this type of data compromise does not occur again in the future. Although the act that occurred in this instance was the result of an error in attaching the wrong file to the email not realized by the sender, it has prompted us to make changes in the way we create and label files, especially those containing personal information. Protecting Yourself You can take steps right now to protect your credit and accounts immediately by placing a fraud alert on your credit reports and by contacting the credit reporting agencies listed below (only need to contact one as they each provide this information to the other two): TransUnion 1-800-680-7289 www.transunion.com Fraud Victim Assistance Division P.O. Box 6790 Fullerton, CA 92834-6790 Equifax 1-800-525-6285 www.equifax.com P.O. Box 740241 Atlanta, GA 30374-0241 Experian 1-888-EXPERIAN (397-3742) www.experian.com P.O. Box 9532 Allen, TX 75013 If you know of anyone who forwarded or printed out the personal data contained in the file, we ask that you please report this to our office immediately. Any employee who knowingly uses the information contained in the file in any way will be subject to disciplinary action up to and including termination. The County will take all steps towards assisting in the criminal prosecution of any person who mishandles the data whether it is by providing it to another party or by using the data for personal gain. Additional information and progress updates will be provided to you as they become available. If you have questions or concerns, please contact me directly at 313-224-5137 or via email at lcaldero@co.wayne.mi.us. On behalf of Wayne County and the Department of Personnel / Human Resources I sincerely apologize for this situation. Data security and integrity is very important to us. We understand the frustration, anger and mistrust you must feel. We are resolved to making sure that this type of mistake does not occur in the future. We truly hope that the steps we have taken and those yet to be accomplished will go towards regaining your confidence. Sincerely,

Livia A. Calderoni, Director P/HR Benefits Administration Division

C:

Jeffrey Collins, Matt Schenk Lisa Laginess, Deborah Blair-Krosnicki, Pam Bethume