COLUMBIA — A former employee of South Carolina’s unemployment agency says in a lawsuit filed this week that the department’s director fabricated allegations that she improperly downloaded personal information to force her out.
Kerry Paul was fired Tuesday from her post as human resources director at the Department of Employment and Workforce, or DEW. Agency officials say she downloaded personal data of thousands of current and former employees and their children and beneficiaries onto a personal flash drive. She wasn’t accused of downloading information from businesses or anyone receiving unemployment benefits.
In a complaint filed this week in Richland County, Paul denies downloading the employee information on the day security software detected such a download, but also says that handling the information was part of her job and generally shouldn’t be considered a breach. Paul accuses director Cheryl Stanton of mounting a months-long campaign to make her leave because other employees viewed her as the agency’s informal leader.
In a statement provided to The Associated Press on Friday, agency officials said the lawsuit had no merit.
“This is nothing more than a disgruntled former employee who was fired for violating agency policy regarding the handling of personal identification information, said Darrell T. Scott, DEW’s chief of staff.
Paul’s lawsuit was filed Wednesday, the same day DEW began notifying more than 4,600 people that their information may have been compromised. Without identifying Paul at the time, agency officials said an employee had been suspended Dec. 19, a day after security software detected an unauthorized download from human resources files.
“This is exactly what should have happened,” Stanton said then. “Our security measures detected these downloads and DEW promptly began a full investigation.”
But in her lawsuit, Paul said handling such information was part of her job and others within the agency knew about it. Instead, Paul said that Stanton — who took over at DEW last year — disliked the fact that Paul was “perceived as the informal leader of the organization” and asked her several times to leave the agency.
Paul said she didn’t make the unauthorized download in December. She said she’d already turned over two flash drives to security personnel after Stanton said she was in violation of an electronic data policy.
Before her suspension, she said she got a call from Gov. Nikki Haley’s chief of staff, who said Stanton could fire her if Paul “got in her way of running the agency.”
After Paul’s Dec. 19 suspension, state police got warrants to search her home and car, moves Paul said were intended to “threaten and intimidate” her. Paul’s lawsuit accuses Stanton of making defamatory statements about her and abusing her position of authority to pressure state police to investigate.
Stanton has not yet responded to the allegations in court.
Cyber security has been a politically hot topic in South Carolina in recent years. In the fall of 2012, the Department of Revenue became victim to the largest single hacking of a state agency nationwide. In that case, a computer hacker stole unencrypted personal data belonging to 6.4 million people and businesses from tax returns dating to 1998.
In October, a former project manager of the Department of Health and Human Services pleaded guilty to criminal charges after authorities said he compiled the personal information of more than 228,000 Medicaid patients on a spreadsheet and sent it to his private email account.
Last month, 3,432 members of a high-risk insurance pool were notified that a password-protected laptop stolen from an auditor’s car contained their personal information, including names and Social Security numbers.
Kinnard can be reached at http://twitter.com/MegKinnardAP