Cybersecurity and ethics questions surround computer files found in Lancaster County office | Local News


Dozens of personalized documents belonging to Lancaster County’s top rated law firm – which includes documents similar to nearby Republican Party committees – were being identified on a county federal government computer system network earlier this calendar year, raising issues about whether or not she carried out campaign or other outside function making use of taxpayer time or methods.

The documents belong to Jacquelyn E. Pfursich, the previous clerk of courts who last year was appointed county solicitor. Pfursich said she unintentionally transferred the files onto the county’s laptop community when she utilised a particular thumb travel in July 2021 to transfer some function-similar documents as she transitioned into her new position as solicitor.

LNP | LancasterOnline obtained copies of the 85 or so information in question. They contain 55 paperwork associated to Pfursich’s political operate with the county and Hempfield Republican committees, at the very least 13 data files associated to outdoors authorized perform Pfursich done through several years she was serving as clerk of courts, and 11 files that had been personal in mother nature, like her children’s report playing cards. The character of a handful of other files — these types of as a notice for a wintertime donation push — is unclear.

At the exact same time she served as clerk of courts, Pfursich represented personal authorized purchasers on the facet. She’s also been a longtime leader in the local Republican Celebration, serving as chair of the Hempfield Spot Republican Committee due to the fact 2016.

The clerk of courts is an elected place. Elected officers like the clerk are permitted to hold outdoors jobs whilst serving in workplace. But Pennsylvania’s General public Officials and Staff Ethics Act bars elected officials from utilizing their place of work for “personal economic attain.” And the Pennsylvania Condition Ethics Commission, which investigates ethics issues, has identified conducting marketing campaign do the job and individual function with county means, this kind of as a laptop or telephone, to qualify as a variety of money achieve.

The fee also has to obtain that the exercise was a lot more than a small acquire. It uncovered in 2017 that a Beaver County commissioner, Joe Spanik, experienced violated the Ethics Act by directing his secretary at the county to do campaign perform for his re-election. She used county place of work gear and time she was on the clock to do it.

The commission calculated she invested about 17 several hours carrying out the perform, valued at a least of $415, based mostly on her pay out amount. He also utilized notary companies from the county valued at $180. Spanik recognized an arrangement with the fee to spend $1,000, most of which went to Beaver County.

Files reported

The political and private data files belonging to Pfursich were being initial talked about in community at a June board of commissioners meeting when Ron Harper, Jr., a Rapho Township male, claimed he experienced unearthed evidence that Pfursich had misused her business as clerk of courts. Harper has labored both independently and with Pennsylvania Republicans as an opposition researcher and investigator of political officers.

Internally, the existence of personalized and political paperwork on the clerk of courts network was to start with noted to human resources director Michelle Gallo and Democratic county Commissioner John Trescot in a March 31 memo prepared by Pfursich’s successor, Mary Anater. Trescot was notified, Anater said, because he is her office’s specified main position of call with the in general county board of commissioners.

Anater said staff in the office environment have been conscious of the data files but did not instantly warn her to them until eventually many months into her tenure, in March. “When staff members issues were lastly raised with me, I reviewed the information, determined they were being from county policy” and documented them, she said.

Pfursich stated she was unaware all through that time period that the data files, some which contained private info of authorized clientele, were accessible in a shared county laptop community.

“In hindsight, I should have utilized a clean, new thumb travel to stay away from any accidental transfer of information,” Pfursich mentioned. “However, I have under no circumstances applied county personal computers or county sources for political uses.”

Pfursich delivered LNP | LancasterOnline with an interior memo from the county IT director, Steven Clement, that exhibits he observed it likely her transfer of individual documents to the county’s community was accidental.

“The details in query was effortlessly identifiable as currently being personalized in character, very likely the result of an accidental thumb generate imprint, and not immediately deleted through the conventional wiping of information on prior employees’ transition from the position,” Clement said in an April 1 memo to the county’s major administrator, main clerk Lawrence George who oversees the county’s different departments, which include IT and human means.

For every George’s route, IT personnel eradicated the data files from the shared drive and forwarded them to the main clerk for storage on a county push tied to his workplace, he explained to LNP | LancasterOnline. Storing the information on a challenging generate prevented any individual with accessibility to the county community push from accessing them.

But he took no added ways to search even more into the make a difference or refer it to an individual else – no matter if an outside the house legal professional or other investigative system – and George reported he did not take into account irrespective of whether the existence of the files termed for additional inquiry.

“The 1st goal was to take out all the details that was considered available to anyone it ought to not have been obtainable to, and my initial considered wasn’t truly, ‘Oh, is that heading to taint any kind of investigation that may possibly need to observe?’” George mentioned.

Moral factors

Pfursich’s account of how the documents wound up in the county network and the subsequent reaction by George and other individuals raises questions about the county’s cybersecurity procedures and protocols, as nicely as how it handles possible ethics matters involving elected officials.

Pat Christmas, policy director at the Philadelphia-primarily based superior authorities team Committee of Seventy, said it is unclear, based on a description of the circumstance, irrespective of whether the issue has ethics implications or indicates some kind of breakdown in the county’s HR protocols.

If this was simply just a error by Pfursich, Xmas mentioned, county officers could want to critique the onboarding course of action for county workers.

“Maybe it wants to be sharpened up to stay clear of this form of factor going on in the upcoming, most likely schooling around this, as well as for the individuals who would administer these a coverage,” he mentioned.

The make a difference warrants additional inquiry, Xmas claimed. The public warrants assurance its elected officers are remaining above board, he claimed, specially in an era when religion and have faith in in government are at all-time lows.

“Even reasonably minor infractions or probable violations can dent that have faith in, so that’s why, substantively, and with regard to notion, I feel these difficulties matter,” Christmas explained.

George termed the scenario more than Pfursich’s documents “unprecedented.”

“Thankfully, this does not occur up pretty normally. In reality, I’m not aware of any instance certainly in my occupation,” George claimed. But he acknowledged the county need to have clearer methods for related predicaments.

In an e mail, Trescot, the Democratic commissioner, said he would assistance owning a greater outlined set off for examining probable ethics issues and generating suggestions for motion.

Republican commissioners Josh Parsons and Ray D’Agostino, who have political ties to Pfursich and voted for her appointment to solicitor in July 2021 more than objections from the Democratic commissioner at the time, Craig Lehman, did not respond to the identical thoughts.

Right before getting 1st elected as clerk of courts in 2015, Pfursich worked as assistant county solicitor.

Existing plan

Via an open up records ask for, LNP | LancasterOnline received a duplicate of Lancaster County’s IT security policy. Very last up to date in June 2021, it does not expressly forbid users of the county program from using outside the house thumb drives or putting county paperwork onto a private product, as Pfursich stated was her intention.

It does say that consumers “should retailer perform documents and facts on cloud-base storage, instead than on unit difficult drives or USB storage gadgets, as cloud-primarily based storage provides improved safety than the solutions.” They also need to have to make certain people storage products are scanned for viruses before getting utilised.


LNP | LancasterOnline attained Lancaster County’s IT protection coverage by way of an open up information request.




Other language in the coverage appears to exempt elected officers from the procedures employed staff members have to adhere to. The coverage language expressly states that it applies to “all persons with granted approved access,” but an asterisked note says elected officers utilizing the system “are liable for their possess actions.”

Trescot explained the coverage regarding elected officers relates to the reality that they’re not county staff members. “The county government does not seek the services of or fireplace elected officers,” he claimed.

Working with formal methods for marketing campaign do the job can run afoul of Pennsylvania’s “theft of services” statute. But a prosecution less than that statute would possible demand evidence of a persistent sample of using county assets for non-formal company.

George instructed LNP | LancasterOnline that his response followed county procedures, but it made an unintended consequence of dropping file knowledge that could’ve been section of a deeper inquiry.

Clement, the county IT director, did not answer to a phone or e-mail about that coverage and no matter whether deleting the documents from a shared push removed the ability to do a further forensic evaluation of how and when the particular information wound up on the county community.

An incapability to overview the background of laptop or computer activity by county officials would suggest big technique deficiencies, said Daniel Castro of the Information Technologies and Innovation Foundation, a Washington, D.C., imagine tank that focuses on cybersecurity and privateness problems.

IT techniques have arrive to rely on “audit logs” to beat viruses and ransomware attacks, Castro stated. The logs maintain observe of who accessed what file or plan and when, and what they did with it, Castro claimed.

And to allow users to duplicate or transfer county documents to a unit exterior the IT program, or at all, was also questionable, Castro mentioned.

“These are officers for whom chain of custody really matters – for documents, who has accessibility to matters, you want potent audit logs. This all just variety of implies lousy IT in general and IT stability,” Castro claimed. “That is sort of troubling.”

Team writer Carter Walker contributed to this story.


Displaced Motel 6 people come across lodging as unexpected emergency shelter closes


‘Like a nightmare:’ Ex-spouse, previous co-employee depth shock soon after arrest of David V. Sinopoli in Lindy Sue Biechler circumstance


Locals hauling uncovered trash to LCSWMA facilities could face economical penalty



Source hyperlink