In a previous post, I provided information concerning a change to the credit monitoring and identity theft protection services provided to some of those of us impacted by the Office of Personnel Management (OPM) data breaches. Since then, employees have asked whether their personal information would be retained by Winvale/CSID after that vendor stopped providing credit monitoring and identity theft protection services on December 1, 2016.
NTEU put that question to OPM. In response, OPM asserts that:
- Information for those enrolled in the Winvale/CSID coverage will be deleted from the vendor’s systems in accordance with government standards on data destruction.
- Contractually, Winvale/CSID has 45 days from the expiration of coverage to notify the government that the deletion has taken place.
- Those with open identity restoration cases and identity theft insurance claims will have their information deleted from Winvale/CSID’s systems once their cases are closed.
NTEU has recommended that OPM add the above information to the section of its Cybersecurity Resource Center that addresses the change in service provider. It remains to be seen if OPM accepts NTEU’s recommendation.