Schnirman worries about public record posted on county website (updated)


 

After falling for a $710,000 phishing scam, County Comptroller Jack Schnirman is warning Nassau legislators against posting "sensitive" information on their website -- an issue the county and the state's open government director addressed four years ago.

Schnirman, who recovered the $710,000 after a police investigation, wrote a letter to the leaders of the county legislature Wednesday. He said that while reviewing "potential vulnerabilities" in the county, "it has come to light that sensitive pieces of vendor information (such as the Federal Tax Identification Number--TIN) have been publicly available" on the legislature's website.

Schnirman, who has consistently advocated for transparency in fundraising emails, said, "We must balance transparency with the need to protect sensitive information."

He encouraged lawmakers "to review the publicly available information for redaction of sensitive information."

But Presiding Officer Richard Nicolello (R-New Hyde Park) noted today in a letter to County Executive Laura Curran that the former county attorney had issued rules for posting contracts two years before Schnirman, a Democrat, took office. Nicolello also wondered why the comptroller had not contacted Curran, a Democrat, to see if the rules needed revisions.

Nicolello included a copy of a 2016 memo from then County Attorney Carnell Foskey directing all department heads to avoid disclosure of private vendor information. Foskey said they should advise vendors to redact all sensitive information on "web ready" paperwork. Such sensitive information, Foskey wrote, includes social security numbers, home or personal telephone numbers, home addresses, information of a personal nature where disclosure would cause hardship, and trade secrets.


More than six months of contracts that had been posted online were taken down then for redactions.

At the same time as Foskey's memo was issued, Robert Freeman, then executive director of the state's Committee on Open Government, told Newsday that federal tax identification numbers are public record.

"Company tax ID numbers are not private," Freeman said, and can be found on many public documents. “It's not personal,” he explained. “If it's not personal, the privacy exemption would not apply.”

A web search today also found that federal tax ID numbers are public.

Asked why Schnirman was advocating that public information, such as the federal tax ID number, be removed from the website, his spokesman, Harrison Feuer, said today in an email, "Since taking office in 2018, the comptroller has made transparency initiatives a top priority."

But the comptroller's office also reviews available data to determine whether publishing it "advances transparency," he said.

"While not private information, publishing certain information (such as tax ID numbers) offers limited transparency benefit while also creating vulnerability for fraud," he said. "As such, the county should recognize this concern while continuing to advance transparency initiatives."

Nicolello, in his letter to Curran and County Attorney Jared Kasschau, said the legislature relied on Foskey's guidelines.

"I am providing a copy of Mr. Foskey’s letter to the Comptroller since he apparently did not know that the administration had a procedure in place for handling sensitive vendor information in disclosure documents," Nicolello wrote.

"If there has been a change in the procedures for handling sensitive vendor information, please advise any new or revised procedures adopted by your administration."

He also said he will ask Schnirman's office to identify sensitive data and work with county IT to see that it is removed.

Curran spokesman Michael Fricchione said the administration is mandating cybersecurity training for all county employees.

In the cyberattack against the comptroller's office, a scammer impersonated a county vendor in an email and directed that payments be sent to a new bank account. The comptroller learned of the scam when notified by the bank that the account was fraudulent, according to testimony at a finance committee meeting last week.

