Dallas Data Disaster: City Spills Sensitive Employee Info

Responsibility Folder
Folder/Getty images SinArtCreative

The Dallas City Secretary’s Office exposed sensitive personal and financial information to The Dallas Express during a chaotic records request process that saw the office repeatedly send bizarre responses and attempt to charge DX more than $5,000 for access to documents.

The exposed information included a former Dallas Fire-Rescue employee’s name, Social Security number, address, birth date, telephone number, and personal financial records. The information was not redacted or otherwise obscured.

DX attempted to contact the former employee and the City of Dallas for comment. However, the two telephone numbers listed for the employee were no longer in use, and the City did not immediately return a request for comment.

The matter began on April 11, when DX filed a public records request for “a comprehensive record detailing every firm or asset in which the Retirement Savings Plan – Optional 401(k) or 457(b) Program has investments, including but not limited to stocks, bonds, mutual funds, exchange-traded funds (ETFs), and other financial instruments.”

The records request also sought a list of all investments made by the Dallas Police & Fire Pension System. The template DX used to submit the request was nearly identical to the ones the news outlet used to request similar documents from other state and municipal entities, and each time, DX received documents similar to the one below.


Such documents are relevant to the public discourse because Texas law prohibits state entities from hiring asset managers or investing in companies that discriminate against Texas’ oil and gas industry. Texas Comptroller Glenn Hegar has identified BlackRock as one financial institution that allegedly unlawfully discriminates against Texas energy producers.

In spite of the initiative by state officials, a number of government entities identified by DX at the state and municipal level, including the City of Houston and the Texas Employee Retirement System (ERS), have maintained or ramped up their relationship with the company while others divest.

After a few auto-response emails, an employee in the City Secretary’s Office emailed DX on April 25 to state they were “unable to produce it for inspection or duplication within ten (10) business days of the City’s receipt of your request [as prescribed by law] because either a voluminous amount of information is requested or an extensive search is necessary to identity responsive information.” The City employee invoked a time extension until April 25, 2024.

On April 23, the same employee supplied DX with an irrelevant email exchange and a copy of a check made by a City official to a public employee who had been terminated from the City in 2002. Attached to the check was a series of internal documents that included the employee’s sensitive personal information. The documents appeared to pertain to a refund of the employee’s pension contributions in the late 1990s and early 2000s.

DX responded to the City, noting that these were not the documents the news outlet was looking for and reiterating that it wanted a list of the many investments the City had made in the defined contribution programs. Later that day, the same City employee responded with a price guide for rentals at the Majestic Theater in Downtown Dallas.

Again, DX noted that this was not relevant material. The news outlet then sent a copy of similar records it had obtained from ERS to demonstrate what it was looking for. At this same time, the pension part of the request was partially forwarded to the Dallas Police Department, even though DPD does not manage the requested records. That part of the request was promptly closed by DPD for that very reason.

Four days later, on April 29, the employee said they would look again. On April 31, they responded with a message that read, “Per the Employees’ Retirement Fund, the first two (2) years of records would be provided free of charge. The cost for additional year(s) of records are $5,000 per year. Please accept our apologies for sending the wrong information. Please disregard the previous information that was provided.”

DX reminded the employee that news outlets are typically granted fee waivers when requesting documents relevant to their reporting. Indeed, DX explicitly requested a fee waiver when it filed the initial request. DX then submitted another request for a fee waiver.

DX then asked why the first two years of records would be free but not the others. At the time of writing, no one from the City Secretary’s Office had responded to the questions or supplied the requested documents. However, the City did invoke another extension until May 31.

The exchange was reflective of other odd interactions with the City Secretary’s Office. During a DX investigation on an unrelated matter, DX and the open records manager ended up before the Texas Attorney General’s Office wrangling over access to work documents produced by then-Deputy City Manager Kim Tolbert during her many years with the City.

First, the open records manager claimed a wide variety of broad legal exemptions protected the documents. After DX challenged these exemptions, it received a message claiming the records did not exist. Then, less than a handful of records materialized without explanation, as DX previously reported.

This action echoed some taken by Tolbert herself. After a multi-part investigation regarding left-wing and anti-police social media activity by Tolbert, she blocked DX on her X account despite recent Supreme Court rulings that held such actions can be unconstitutional in certain circumstances.

As previously reported by DX, polling conducted by the news outlet suggests many Dallas residents think the City has a problem with transparency.

Data leaks also appear to be recurrent in Dallas. A hack in the spring of 2023 resulted in employee data being possibly accessed and downloaded, DX reported. At the time, then-City Manager T.C. Broadnax was less than forthcoming about the hack. Over months, the story grew as it became apparent that non-employee information may have also been compromised, although the public was not initially apprised of this possibility.

Support our non-profit journalism

Submit a Comment

Your email address will not be published. Required fields are marked *

Continue reading on the app
Expand article