HENRICO, VA (WWBT) - An internal audit criticized the Henrico County Department of Public Utilities for the mismanagement of confidential customer information.
The audit, dated November 16 but not posted publicly until this month, indicates that sensitive data including social security numbers were transmitted by DPU personnel via unsecured e-mail, or via a customer support web site not determined to be adequately protected.
The audit also reveals that files containing SSN's were included in flash drives that were not password protected from unauthorized access.
While the audit cites the potential for misuse of the data, it does not appear that any confidential information ended up in the wrong hands.
In a response included within the audit, DPU indicated that the issues have been resolved. In the future, all flash drives will be protected, and sensitive data will not be included in e-mails, according to the DPU.
When asked about the audit, Art Petrini, Director of Public Utilities, said, "They [auditors] have the expertise to help us uncover our weaknesses. Now, the county as a whole is better because of it."
Petrini added, "I'm very confident that we will not have our customers' personal information at risk."
PDF: See the full audit