The Tooele County commissioners sent letters to about 200 current and former employees Thursday, explaining that their personal data had been briefly breached in an isolated incident caused by human error.
"Tooele County regrets to inform you that your name and Social Security number were inadvertently disclosed to a former County employee," the letter said, providing an explanation about how the mishap occurred.
Evidently two insurance documents from 1996 and 1997 that contained the names and Social Security numbers had accidentally been placed in Shane Brozovich's personnel file.
"The information had been misfiled a long time ago, and then got scanned and given to Brozovich," said Tooele County Public Information Officer Wade Mathews.
Following his March 12 termination from 17 years with the county as a heavy equipment operator, Brozovich requested a copy of his file, receiving its contents in digital format on a compact disc.
When Brozovich discovered the sensitive data, he worried that the error would get swept under the rug if he simply returned the CD. He contacted the state Attorney General's office Wednesday, hoping to place it in their hands, but he was referred back to the county.
By 5 p.m. Wednesday, Brozovich delivered the disc to the Tooele County Attorney's office.
"We contacted the AG's office, and they then contacted Mr. Brozovich and essentially told him what he could be facing," Mathews said.
Brozovich was advised that he could be charged with a felony punishable by up to five years in prison if he kept the identifying documents he knew he wasn't meant to have.
"We appreciate his cooperation and that of the AG's office," Mathews said, adding that no charges would be brought against Brozovich.
The letter emphasized that the data had not been intentionally accessed for unlawful use and had been returned.
"Although this does not excuse the mistake, it certainly presents a more favorable situation than the typical data breach scenario," it said.
Tooele County currently employs about 320 people, Mathews said, who will receive emails explaining the situation and providing tips on how to safeguard their personal information.
A human resource employee could receive a reprimand, Mathews said, but that has yet to be determined.