DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NYS: Inadvertent release to adoptee of birth mother’s identity leads to reforms

Posted on June 22, 2016 by Dissent

Another “small” privacy breach with big impact. In this case, the big impact was an overhaul of the state’s system. From their press release:

New York State Inspector General Catherine Leahy Scott yesterday released a report of an investigation that found the State Department of Health’s (“DOH”) complex and antiquated storage of vital records led to the inadvertent 2012 release of a birth mother’s confidential identity to an adoptee. The investigative findings also led to a complete overhaul and modernization of the State’s maintenance of millions of birth, death, marriage and divorce records, as well as new policies to ensure quality control prior to the release of any of those records.

Inspector General Leahy Scott’s investigation found human error led the DOH’s Bureau of Vital Records to release a partially redacted Transcript of Birth to an adoptee in 2012 in which the adoptee’s biological mother was identified, despite the record being specifically flagged with restrictions to its dissemination. The investigation found the DOH’s vital records filing system was antiquated and susceptible not only to human error but also to the inadvertent loss or destruction of records.

As a result of the inadvertent disclosure, DOH instituted new policies requiring triplicate quality control checks prior to releasing any records. It also commenced a modernization of its record keeping by digitizing paper and card files held by the Bureau of Vital Records, many of which were originals without any duplicates.

“The wrongful yet inadvertent release of confidential information in this case exposed systemic shortcomings with the State’s filing and maintenance of vital records,” said Inspector General Leahy Scott. “Ultimately, my investigation led to important reforms modernizing all policies and systems used for storage and the appropriate dissemination of these critically important records.”

The DOH Bureau of Vital Records maintains a repository of over 30 million vital records, including birth, death, marriage and dissolution certificates, as well as adoption records. Most of the records are contained on film, microfiche, and scanned digital files. However, approximately 2,420,000 are paper certificates. The Bureau of Vital Records annually processes approximately 400,000 new vital records supplied by local registrars and clerks; over 200,000 requests for copies and/or confirmations of vital records; 34,000 applications for certificate corrections and amendments; and 20,000 requests for genealogical information. The Bureau of Vital Records processes approximately 500 records requests each day.

The Inspector General’s investigation further revealed that in order to fulfill record requests, the vital records staff sometimes had to resort to searching through myriad databases/indices to match a request to a record, and some searches could only be completed by certain seasoned staff members who were familiar with the filing systems. At least one of the indices, a card catalog spanning approximately one hundred filing cabinet drawers, was the only record of amendments with no duplicate copy in existence.

In response to the Inspector General’s investigation, DOH has entered into a contract and commenced a modernization program to include the scanning and indexing of the paper records within its repository, including but not limited to approximately 2,420,000 paper records on file, as well as its card catalog index of amendments to records. The digitizing of those records is expected to be complete by September 2016.

A copy of the report may be viewed by clicking HERE.

SOURCE: New York State Inspector General

Related posts:

  • 100 more breaches you probably never knew about in 2009
  • NY: Focused Technologies Imaging Services to pay more than $3 million for illegal and covert outsourcing of 16 million fingerprint cards to India for data entry
  • 95 new breaches in 2010 that didn’t make the news
  • 3,400 death registry records accessed in Hawaii Department of Health data security breach
Category: ExposureGovernment SectorU.S.

Post navigation

← Information on 154 million voters exposed in the cloud – again. (Updated)
Texas Health & Human Services Commission notifies 600 after contractor can’t locate 600 records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.