On August 4, 2011, a prison guard at Fort Dodge Correctional Facility in Des Moines, Iowa, a medium-security state prison which houses more than 1,300 prisoners, found sensitive employee records in a file drawer in the prison’s Barber Shop, a location converted from an administration office several months prior. The records, forms related to the prison’s severe weather plan, were about a decade old and contained the names and social security numbers for 23 prison employees.
As a result of the records being found in an area where prisoners could have had access to them, the Iowa Department of Corrections paid for 1 year of credit protection, through August 2012, for the affected prison guards at a cost of $1,920. The union subsequently asserted that this was not sufficient protection for their affected members and that the protection should be expanded. Eventually, the case was sent to arbitration, where the state was found negligent by arbitrator Jay Fogelberg, and ordered to pay for 3 years of additional credit protection for the affected employees. Of the 23 affected employees, 17 accepted the additional protection, which will cost the State $3,825 or $75 per year per employee. The coverage is being provided by Geico Identity Theft Protection.
In response to this incident becoming public, Fort Dodge Warden James McKinney asserted, “[I]t is still somewhat of a mystery on why ‘one’ 10-year-old document was found in the secure area of the prison. Our investigation never was able to determine how this occurred.” Yet, those who represent those affected by this security breach aren’t so aloof. Said Danny Homan, president of the American Federation of State, County and Municipal Employees Iowa Council 61, “Records shouldn’t be anywhere but in the employee’s personal files . . . You have to protect these people’s identities[.]” To date, none of the affected employees have reported suspicious activity in their credit records or reports.