The Office of State Finance has changed its network security procedures following an attorney general opinion earlier this week that detailed how to gain entry to the state’s main payroll system.
The letter, sent by Tom Gruber, first assistant attorney general, was a partial response to an open records request by The Oklahoman
to the state Office of Personnel Management.
The newspaper last month requested basic employee information, including dates of birth, payroll records and employee identification numbers, for all state employees. The request has drawn criticism from several employee groups.
The ID numbers request was rejected. The rest of the records request is being considered.
Gruber’s letter details how one could enter the state’s payroll system with an employee ID number and combinations of an employee name.
"Hence, like Social Security numbers, employee identification numbers are a crucial piece of information in potentially accessing confidential employee information in OSF’s data systems,” Gruber wrote.
Social Security numbers are already exempt from the Open Records Act. Addresses and telephone numbers of public employees also are exempt.
The law says nothing about date of birth or employee identification numbers. Dates of birth are readily available in lists of registered voters.
requested dates of birth and employee identification numbers of state employees as part of an ongoing look into the backgrounds of public workers. Dates of birth can differentiate between employees with common names, while employee identification numbers can track employees who have changed their names after marriage.
Michael Clingman, director of the Office of State Finance, said Gruber’s letter may have explained security too well.
"It probably put out a little more information than we would like to see, but I don’t think it’s anything we have concerns about as far as hacking goes,” Clingman said.