Alaska Union Pans ID Theft Settlement

Did the state of Alaska do all it could for public employees whose personal data was lost in a breach by a third party late last year? A union doesn’t seem to think so, but the state says the offer by the company for free credit monitoring was generous, according to The Associated Press.

Last December, the accounting firm PricewaterhouseCoopers LLP discovered it had lost information on 77,000 current and former government workers. The company is an expert witness for the state in a lawsuit.

A week after the company notified Alaska about the breach, in January, the state announced it had reached a settlement with the company on behalf of the workers. The agreement was that workers whose data was exposed would be able to monitor their credit reports for two years, free of charge, through the firm’s credit protection service (though prices vary, credit monitoring services typically cost about $15 a month, according to Senior Assistant Attorney General Ed Sniffen, who is quoted).
 
Now the Alaska State Employees Association, which represents 8,000 workers whose data was lost, says the state should renegotiate the terms with PricewaterhouseCoopers, the AP reports. “We think that's shortsighted to put a two-year period on it,” union business manager Jim Duncan tells the news service. “It doesn't adequately protect our members or retirees.” The union also wants the monitoring to be done automatically, without its members having to “opt in” for it. 
 
Sniffen told the AP the settlement with the company was generous, and that his department is happy with it. He raises a valid point about the auto-enrollment of workers in the credit-monitoring service — that is, that such a system would be logistically impossible given the privacy controls in place for enrollees. And while the union’s concerns about the possibility of fraud occurring beyond the two years covered by credit monitoring are not unjustified — in the wake of a sensitive data loss, there is no definitive “shelf life” for the possibility of resulting identity-related crimes — in this case, information about the specific circumstances of the breach have yet to be disclosed, as the firm, Chicago police and FBI continue to investigate.

Unless new information shows that the state and the firm did not negotiate in good faith, renegotiation of the settlement is unlikely, Sniffen tells the AP. “The settlement is the settlement.” If those affected by the breach sign up for the monitoring by May 3, the protection becomes retroactive to November 2009, according to the article.