Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT

Ohio Official Docked Vacation Time For Stolen Tape 218

Lucas123 writes "The missing tape, stolen from an intern's car, contained data on all 64,467 state employees, 19,388 former employees and 47,245 Ohio taxpayers. The state believes the incident will cost them $3 million. So after four months of deliberation, the Ohio Department of Administrative Services announced today that they decided to take a week's vacation away from Jerry Miller, their payroll team leader and the guy in charge of the missing data."
This discussion has been archived. No new comments can be posted.

Ohio Official Docked Vacation Time For Stolen Tape

Comments Filter:
  • by patman600 ( 669121 ) on Thursday October 11, 2007 @04:05AM (#20937339)
    So, if this cost them $3 million, and they took a week's vacation away, his yearly salary must be $156 million. I think I know where I should be looking for a job now.
  • Isn't.. (Score:4, Interesting)

    by Anonymous Coward on Thursday October 11, 2007 @04:13AM (#20937379)
    Isn't the company responsible for negligence carried out by an employee in the course of his duties...
    • Re:Isn't.. (Score:5, Informative)

      by baileydau ( 1037622 ) on Thursday October 11, 2007 @05:15AM (#20937649)

      Isn't the company responsible for negligence carried out by an employee in the course of his duties...


      Yes they are ... That is with respect to any external parties that may have been harmed.

      Even though the company is liable for any negligence, they have the option of internal sanctions against any negligent employee.

      That's why he only got docked 1 weeks holiday, not the entire $3M
  • by Anonymous Coward on Thursday October 11, 2007 @04:20AM (#20937415)
    Imagine what would have happened to him if he'd been busted sharing a couple of dozen copyrighted songs online. Probably would've had his sick-leave cancelled too.
    • That's terrible, next time he gets the flu he'll be forced to come into the office and infect everybody there...
    • by BVis ( 267028 ) on Thursday October 11, 2007 @08:04AM (#20938661)
      Hmm.

      Allow personal information on tens of thousands of people to get out due to massive incompetence, costing the state millions and potentially ruining the credit of everyone whose info was on the tape, lose a weeks' vacation.

      Share music online at no cost of any sort to the copyright holders, and then get railroaded through an ignorant and corrupt legal system, and get fined several times your yearly salary.

      Is Canada hiring?
  • by MadJo ( 674225 ) on Thursday October 11, 2007 @04:24AM (#20937425) Homepage Journal
    Take away 1 week of vacation time?
    If I screw up that bad at my work, I'd be facing a discharge...
    • by ritesonline ( 1155575 ) on Thursday October 11, 2007 @05:17AM (#20937667) Homepage
      What more do you want?

      Sounds like the guy's a long timer who was doing his job and now has to carry the can to protect his pension.

      From the article: "The tape was pilfered in June from the car of an intern responsible for carrying data used by the Ohio state government's computer systems...described Miller as a "stellar longtime DAS employee" and said he has been forthright in acknowledging his role in the "management glitch" pertaining to the stolen backup tape."

      This wasn't some guy who took a company laptop home to play games, it was his responsibility and no extra security was provided for him to do his job. Would you like everyone else robbed at work to forfeit leave or be sacked? The "management glitch" is probably that his bosses wouldn't stump up for secure transport of the tapes.
      • by HeWhoMustNotBeNamed ( 1058944 ) on Thursday October 11, 2007 @07:59AM (#20938621)
        I worked in the same division as Jerry years ago. At the time he was silo'd (not his choice) in a $40 million failed attempt to replace the cobol-assembler payroll system with an "off the shelf" Dunn & Bradstreet mainframe product. The project was called HRMS. It went on for something like 18 years. Each year the folks several positions above Jerry kept pushing for more funding to get it completed. For 15 years they were "just a few more months" away from completion. Along came Y2K and in mid 1998, the external auditors finally got the message above to the cabinet that come 2000 the payroll system would cease to function. Due to HRMS always being 6 months from completion, any budget that was tied to maintenance of the cobol system got sucked away into the HRMS void. Jerry would often just smile to our questions about the status of the HRMS, he wanted to say what wasn't right about it, but kept quiet to keep his job.

        So, in 1998 with backs up against the wall and through some heroic effort on the part of Bob Cruse's staff, the cobol system was given enough resources including myself to remediate the system.

        You would think that in 2000 they would have pulled the plug; nope, and that's a reason I left. Instead it was 2001 or 2002 that they finally called HRMS suck cost. Jerry had fewer options being a state life'r; to get his pension he needed to stay for 30 yrs.

        Immediately following the disolution of HRMS, they took the same architects involved in HRMS and tossed in additional incompitent pointy hairs and created the OAKS project.

        My former boss was added to the group and one of his backup strategies was to take our network backs home on tape. Sound familiar? We secretly revolted and instead sent them to another state office.

        That is what I know about Jerry and now I'm going to guess and say this went above Jerry and he's taking the fall.
      • I want someone's head on a plate. Maybe not the intern, but someone should be kicked out the door. Myself, my brother, and my mother all got notices our names were on that list. Being a recent colledge graduate starting out into the workforce, having a credit monitoring service is a pain in the ass due to all the new lines of credit I am opening, along with student loan repayments. My brother is still in college 5 hours away in Pittsburgh, and really doesn't need to be concerned by things like that eith
    • Re: (Score:2, Funny)

      by bronney ( 638318 )
      If I screw up that bad at my work, I'd also be facing a discharge...
      • Re: (Score:2, Funny)

        If you've got problems with a discharge then you should probably change your medication.
      • by MadJo ( 674225 )
        Euhm, what exactly do you mean?
        Did I make a mistake in language? (I'm Dutch, English is not my first language)

        What I meant was that I'd probably be fired.

        If they would take away 1 week of vacation time, I wouldn't feel it. I have enough vacation time left, and no way of taking any vacation. (I have almost more work to do than time to do it in, for the next few months)
    • Re: (Score:3, Insightful)

      by Opportunist ( 166417 )
      You, me, pretty much everyone in the private sector, I'd say.

      But hey, that guy just lost data, not something important. Considering the way our other officials hand out our data like candy, that blunder is just a nuisance because, well, the general population got to know about it. So they had to do something about it.

      Think Sony and rootkit.
    • You might be, but if you were a long time, valuable employee with a great deal of corporate knowledge, and it was determined that you were not necessarily given all the tools to carry out your job, you'd probably get something like this to. Especially if you owned up to it and helped to try and get things back on track. People screw stuff up all the time - often to the tune of 6 and 7 figures in total effect on a large (i.e. billion $) organization. The need for retribution is often tempered by the reality
    • And let's face it, a week of vacation time is pretty lame. Most people don't get to take the vacation time they accrue, so I doubt this guy's going to miss it in the least. This is a hangin' offense and they're shaking their finger at him saying "Bad boy! Don't you do that again!"

    • Re: (Score:3, Insightful)

      by Sloppy ( 14984 )

      If I screw up that bad at my work, I'd be facing a discharge...

      Yeah, that's probably the usual case.

      But you're thinking in terms of an employee. Imagine you're a manager (I mean Jerry Miller's boss, not Jerry Miller the manager of the intern). One of your people just did something horribly destructive. Something has to be done, but think: what is there to gain by firing him? Miller has already soiled his pants and he's probably not going to make the same mistake again.

      The question you face is, was

  • by rolfwind ( 528248 ) on Thursday October 11, 2007 @04:27AM (#20937449)
    would feel a bit differently if they are one of those who will get victimized (ID theft for one) as a consequence of this slip up. It may yet happen.
    • Re: (Score:2, Insightful)

      by diggsIt ( 987979 )
      My information was on that tape, and yes I do feel differently about it. The State of Ohio has provided a credit authorization service for one year. After that, I'll have to pay for it. It won't be long before almost everyone is compromised. The more the better as far as I'm concerned. Congress will only take appropriate action when enough people have been burned. I should be able to freeze my credit without paying for the priveledge. The Credit Industry makes the rules. Congress takes their money a
  • Wrong punishment (Score:3, Insightful)

    by El_Muerte_TDS ( 592157 ) on Thursday October 11, 2007 @04:30AM (#20937461) Homepage
    Tired and stressed people make more mistakes. Without vacation he will make more mistakes.
    • by BadAnalogyGuy ( 945258 ) <BadAnalogyGuy@gmail.com> on Thursday October 11, 2007 @04:32AM (#20937473)
      Without vacation he will make more mistakes

      It's okay. He's from the government.
      • Re: (Score:3, Interesting)

        by Durrok ( 912509 )
        My father works for Heidelberg (Big printing press company) and does copier repair. When he installs a new copier at a government facility he has to be sure to arrange it so he is done before noon because the managers at the site will usually tell him "Oh it's after lunch, our employees are tired. Come back tomorrow." Everyone is usually playing solitaire or hanging out by the water cooler. You wonder why government projects take so long and usually go over budget..
    • Re: (Score:3, Insightful)

      by mgblst ( 80109 )
      Yeah, but this guy isn't making mistakes because he is tired or stressed. His problem is pure incompetence. It is not like he can be more incompetent, because he didn't get enough rest.

      This is a joke, and a big problem in our society. Incompetence is rarely punished, something that you see all the time in the political world.
      • the last thing they want is for him to be showing up to work more often.
      • by MMC Monster ( 602931 ) on Thursday October 11, 2007 @06:42AM (#20938083)
        This guy didn't make a mistake at all. He was following orders. The ones that made the mistake were the ones that told him to take the tapes home.
        • This guy didn't make a mistake at all. He was following orders. The ones that made the mistake were the ones that told him to take the tapes home.
          Which is why the guy who told the intern to take the tapes home just lost a week of vacation. RTFA.
      • by v1 ( 525388 ) on Thursday October 11, 2007 @07:12AM (#20938255) Homepage Journal
        Without more information it's hard to say exactly what happened. I could just picture this guy having "transport backup tape to offsite storage on your way from home" as part of his job duties. I used to do that for a company I worked for. I threw the tapes in my passenger seat and drove to the other location and dropped them off at the other office on my way home.

        I could REALLY see how if I, say, stopped at a gas station on the way between the two to get gas and a galon of milk as I do sometimes on my way home. I leave the truck locked even when walking into the quick-e-mart for a minute to get the milk and pay for the gas, but even with that it's possible someone could break into my truck and steal anything that was convenient for a "smash and grab". There's nothing else in my truck that's not nailed down that would make an attractive item to quick grab, so those tapes would probably get snatched for lack of anything else to show for the theft.

        I would not want major sanctions for being a victim of that theft, and arguably there's not much more you could have expected of me.

        Do not hold the peon responsible for the company's unwillingness to provide appropriate security and to place a potentially very big onus on one lone employee, in the interest of saving a few bucks. VERY few businesses are willing to provide adequate protection under such circumstances. Mostly only those that are required to do so by law or agreement. (banks, companies handling credit card numbers, etc)

        Now in such a situation, had I not even bothred to lock the truck, that doesn't make the theft any more legal, and unless there were some company policies in place saying "employees transporting backup tapes must leave their vehicle secured whenever unattended" (which until this happens once, you can bet the policy does not exist) then even in that case the employee should bear no additional responsibility,
    • by FredDC ( 1048502 )
      If anything, they should give him more vacation!

      If he screws up this badly, more work (and more opportunities to screw up) is the last thing you wanna give him IMHO...
  • by suv4x4 ( 956391 ) on Thursday October 11, 2007 @04:36AM (#20937489)
    But of course, it's all about the revenge. Water droplets? Arm/leg twister? Acid (.. music)? Tazers! It sure will help with the lost records!

    From personal experience, trying to do more work and cut off your vacation is the most sure-fire way to bring your work quality and productivity down.

    Are they trying to set him up to lose another tape?
    • I don't care what happens to the guy. I care what happens to the data. While torture is entertaining, it rarely if ever has the desired effects.

      I want not him but his superiors to hang from their nuts who made the whole blunder possible. How can a single person lose data?
  • Gee. (Score:5, Insightful)

    by skulgnome ( 1114401 ) on Thursday October 11, 2007 @04:37AM (#20937491)
    I wonder how much those four months of deliberation cost them. All that work just for some petty punishment. (of course you yanks only get like six days of paid vacation a year, so maybe it's harsher from your perspective, lol.)
    • I wonder how much those four months of deliberation cost them.

      Well, I strongly doubt that they spent the entire 4 months deliberating this one issue. They probably had a couple of meetings where that was one of the topics in the bigger picture of how to handle all aspect of the data breach.

      of course you yanks only get like six days of paid vacation a year, so maybe it's harsher from your perspective, lol

      It's a government job, as a rule the public sector has a lot of paid vacation. It's just the private sector where its been chiseled away into "flex time." With his seniority he probably had 4-6 weeks of paid vacation.

    • Re: (Score:3, Insightful)

      by TubeSteak ( 669689 )

      I wonder how much those four months of deliberation cost them.

      Probably not very much.
      If you've any experience with bureaucracy, when they say stuff like "4 months" they really mean "we took 4 months to schedule the 1~3 meetings required to reach a decision."

      All that work just for some petty punishment.

      Like I said, they probably didn't do much work. For all you know, they took 4 months just to let the original issue fade so that their 'punishment' wouldn't get pulled into the national news.

      I'd look at the "petty punishment" as something they felt compelled to do, because to do otherwise would be to admit outrig

  • $3 million? (Score:4, Interesting)

    by Palpitations ( 1092597 ) on Thursday October 11, 2007 @04:46AM (#20937527)
    Okay, so the state thinks it will cost them $3 million. That's all well and good, but the real damages from this security breach will likely be much, much greater.

    We're talking about personal information for 131,100 people here. ID theft being all the rage these days, and assuming that all these people are screwed, $3,000,000 comes out to just over $22 a person.

    I doubt that every last person getting targetted will be the case... And I have no idea what the average ID theft victim ends up losing (I imagine that's hard to quantify - with direct losses, the time and money spent repairing the damage, and the impact on your credit history). Even so, I think a lowball estimate would be 25% of these people getting cheated out of an average of $3,000 or so. That right there is a little over $98 million.

    Now then, I'm the first to admit that I could very well be grossly overestimating things... But really, come on now - a weeks vacation for what could potentially cost the state and it's citizens over a hundred million dollars? Hell, if I could get away with that kind of misconduct with penalties like that, I might just "steal" that tape from myself.
    • by aclute ( 94263 )
      The $3 million dollar number is not the potential liability for credit fraud. That number represents the cost of the premiums that the State is going to pay for Credit Fraud insurance for any person's whose data was on the tape.

      All persons were sent a letter offering them the insurance.
    • The $3 million is the cost of a program the state created in response to this which allows anyone affected by the theft to get free identity theft insurance. It's actually a relatively reasonable response by government (don't worry, I'm not used to that).
  • A week? Isn't that about half an annual allowance in the US? </troll> /me is smug with 27 days.
  • Will we really have to wait for every ID in US to be stolen before some laws on mandatory encryption on privacy data are passed ?
    • If every ID in the USA was stolen then only criminals will have IDs....

      or something like that.
  • by physicsphairy ( 720718 ) on Thursday October 11, 2007 @05:00AM (#20937575)
    First of all, you can't fine him "$3 million", (a) because he couldn't pay it, (b) because then you probably have to pay people close to that amount just to convince them the financial risk of the job was worth taking.

    Also, it's evident it wasn't 100% on him. The data was stolen from an intern's car. He bears the indirect culpability of not encrypting it, not backing it, trusting the intern, whatever. It's natural to feel that "heads should roll" but why should the onus of all this fall necessarily on him? (Well, maybe it all should--I'm just going off the blurb in the summary.)

    On the other side of it, a week's vacation time is ridiculous, whether or not he's at fault. If he is, well, there should be a real punishment. If he's not, it's fairly idiotic to slap him around just for the show of doing so.

    And how much did the four-month long investigation cost? If it was more than a week of this guy's vacation time... yeah, well, that was another win for the taxpayers, wasn't it?

    The way it should have worked is that there should have been a clearly defined set of rules, a clearly defined set of responsibilities, and a clearly defined set of repercussions. When employee X neglected responsibility Y, he should have already been aware that Z would be the punishment, and Z should have been what happened immediately afterward. You might need a four month investigation to find the harddrive thief, but you shouldn't need more than a week to handle violations of internal policies.

    • Why continue to entrust him with the position?

      A third party brought in from Ohio's Office of Collective Bargaining investigated the incident and recommended the penalty, in other words this guy is a union employee and therefore essentially immune from almost any significant discipline.

      • by aclute ( 94263 )
        Wrong! This gentlemen is not in the union. He is part of the administrative team at OAKS.

        OCB has experience in handling these types of cases, and so was brought in for their expertise.
    • Yes, he is 100% guilty. How can it happen that a bloody intern can leave the house with sensitive data? He let that happen.

      At the very least he should be removed from this position, he proved quite bluntly that he is unfit to make security related decisions.
      • How can it happen that a bloody intern can leave the house with sensitive data?

        Maybe it was his job to take the backups to off site storage. Thats what I spent a lot of my time doing early in my career. You wouldn't want to waste a skilled worker on that type of job but you really would want to be sure that steps were in place to ensure security of the data, and that the intern was properly supervised.

        • Handing an intern unencrypted data and sending him out of house is common practice in the US? When are people going to wake up and realize that something like this should be transported with at the very least as much security as a sizable sum of money?

          Data is valuable. Especially if it's neither encrypted nor trivial to acquire normally. Businesses should actually have realized that a while ago. I can understand that Joe Average doesn't get the idea of the value of information, but when you look around, you
    • Regarding the investigation - I think this was mainly about reviewing the information security policies of all state agencies. Regarding the punishment - I speculate that the review found that the same policies were present in many state agencies. It wouldn't make a lot of sense to punish the one guy who got unlucky, when he wasn't doing anything differently from all the others.
  • Smells bad (Score:3, Insightful)

    by ladybugfi ( 110420 ) on Thursday October 11, 2007 @05:13AM (#20937637)
    From my experience people who do grossly inappropriate things get usually kicked out of the company. If these two get just this minor punishment it might be because the organization did not have clear enough policies and procedures for storing and handling the data. If there are no rules or employees do not know them, people can not be held accountable for any wrongdoing. If this is the case, even this vacation time punishment is too severe.

    On the other hand, maybe the organization subscribes to the principle of giving people a second chance.
    • Incorrect. As a unionized worker it isn't that there are no clear policies - in fact, the policies and procedures are probably specific down to the letter (and largely ignored). The minor punishment is unquestionably in deference to unionized government employees who are virtually immune from punishment - this is why teachers who are accused of improper sexual contact (or buying plants without the principal's permission? wtf?) with one of the students are given full salary to sit in a room and do nothing [nypost.com]
      • by TheLink ( 130905 )
        Wow. Good thing they have these procedures. Why fire someone for buying a plant for his school and giving students watches he made?

        And it's amazing how screwed up the thinking is: "Some say the teachers themselves are to blame - their union contract requires a hearing before any tenured employee can be fired."

        What next? The citizens are to be blamed - the Constitution requires due process before any citizen can be thrown in jail?

        As far as I can see, the hearings just aren't happening often enough. So whose
  • Hell, can I work there and "lose" a tape as well? I mean, a week vacation time less is quite ok, from the money I make when I sell that tape to the local papers I can make the rest of my vacation time worth that lost week.
  • Mistake (Score:5, Insightful)

    by pubjames ( 468013 ) on Thursday October 11, 2007 @06:00AM (#20937879)
    The guy made a mistake. We don't know him or the situation. He may be otherwise great at his job.

    What's all this crap about his punishment should match the cost of the mistake rubbish?

    If a doctor makes a mistake and a patient dies, do we kill the doctor?
    • No, but only because doctors are an expensive item, not because we're so intrinsically civilized. Bureaucrats, on the other hand, for the most part are a dime a dozen. We can well spare a few.

      But yeah, the punishment maybe shouldn't match the cost of the mistake ... but it should fit the crime. Somehow a week's vacation doesn't seem like enough. The only way I can see it being reasonable is if he was in a situation where his bosses refused to allocate sufficient resources to get the job done. In that cas
  • Well, that seems reasonable. I'm glad they found a good way to deal with this situation.

  • by Jtheletter ( 686279 ) on Thursday October 11, 2007 @06:18AM (#20937971)
    Mr. Miller announced "Well, fuck it," and decide to revoke all Payroll DB access rights, delete the tables and go on "permanent" vacation from the job. Problem solved!

    On a more serious note.... what happened to the intern?
    • Re: (Score:3, Informative)

      by pbemfun ( 265334 )
      The intern was fired a few weeks after this happened. As was the intern's immediate supervisor and the supervisor's manager.
  • I recieved one of those lovely "We lost your data" letters ... 2 months after the incident. So, as one of the individuals who was personally impacted by this, I'd like to say a few things:

    1) Their IT staff is incompetent. In my department, we ship over 50TB a week to our DR facility in England. We have had instances where tapes were lost in transit (thanks FedEx!) but the data was encrypted. No harm, no foul. That being said, their idea of sending tapes offsite was to put it in the back of an inter
  • by Anonymous Coward on Thursday October 11, 2007 @06:53AM (#20938127)
    Announcer: "Jerry Miller, you just caused the loss of $3 million for the state of Ohio, and negatively impacted the lives of more than 100,000 people. What are you going to do next?"

    Miller: "I am apparently NOT going to Disney World."
  • He'll be severely whipped with a wet noodle! That'll teach him!
  • I'm Impressed (Score:3, Insightful)

    by sskinnider ( 1069312 ) on Thursday October 11, 2007 @07:20AM (#20938313)
    It is rare that a person accepts responsibility in the private sector, it is even more rare that they accept it in the civil service. It goes to show that this man has a decent moral character.
    • by geekoid ( 135745 )
      POliticians aside...

      I have seen people screw up and take responsibility in the public sector. Something that is allowed because people aren't fired for speaking up.

      In the 20+ years I was in the private sector, it was rare for some to take responsibility for errors. Mostly because people were scared to death that they would loose their job.

      As I like to joke to my colleagues:
      "For years all I heard was how lazy government workers are. Do nothing slugs. I get a job in the public sector and it's work, work work.
      • You are an outlier (Score:3, Insightful)

        by blueZ3 ( 744446 )
        If you're a hard-working go-getter in the public sector, more power to you. There definitely are some folks in government who are hard working. My wife, when she worked for the city, was one of them. But it's not the banker's hours or some nefarious "agenda" of pundits that drives public opinion.

        The real issue is that the perception the public has isn't drawn from the class of "all government workers.". The public's perception is based on things like the California DMV offices, where dozens of citizens stan
  • As an additional penalty they will be suspending him with pay for 1 week. The start date is TBD. :-)

  • The reality of the situation is his superiors see him as so valuable they did practically nothing. This is up there with "These are not the droids you are looking for."

    If you could bottle whatever that is, I'd be first in line.

"I am, therefore I am." -- Akira

Working...