DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Notice of Privacy Incident of Historical Health Records – California Secretary of State

Posted on March 11, 2023 by Dissent

From the FAQ (both the FAQ and HTML version have occasional errors and label certain dates 2023 when they were 2022):

1. What happened?

On December 23, 2022, the California Secretary of State (SOS) was notified by a researcher that the records they were provided to view contained records not older than 75 years. Pursuant to Government Code section 12237, all records 75 years and older within Archives are public. Records given to the researcher to view pertained to the State’s forced sterilization program that was conducted in California during the time period of 1908-1979. The records were provided to the researcher on December 19, 2023 (onsite) and December 22, 2023 (via secure digital transfer) and viewed on December 23, 2023. When the inadvertent disclosure of records dated from 1948-1952 was discovered by the researcher, the researcher confirmed they did not view the materials in detail and indicated the PDF copy of the roll of transferred microfilm provided to them for viewing had a mislabeled date range. Our subsequent review of the materials less than 75 years old determined that the documents contained personally identifiable information and medical information. Once the mistake was discovered, the researcher confirmed to SOS that upon recognizing the age of the records, they notified Archives staff immediately, and deleted any material from their computer.

2. When did it happen? (Why didn’t you notify me sooner?)

The incident occurred on December 19, 2023 (onsite) and on December 22, 2022 (via secure electronic transfer). The SOS was notified immediately by the researcher when it was discovered. The SOS has been working swiftly to pull, screen, and redact the records; however, due to the historical nature of the documents, aging microfilm, and the complexity of information contained within the records, screening and identification of individuals has taken time.

3. Why did you have my personal information?

Historical records are sent to the Secretary of State’s office by state agencies and pursuant to Government Code section 12237 are available to be viewed by the public after 75 years.

4. What specific items of my personal information were involved?

• Patient first and last names
• Family member first and last names
• Dates of Birth for some individuals
• Familial history and familial medical history
• Medical information such as diagnosis, dates of operations, dates of sterilization and other unrelated medical history

5. What are you doing about the breach? How will you prevent this from happening in the future?

SOS investigated the incident and has pulled the impacted records from public access while a detailed review of the records is being conducted. SOS confirmed with the researcher that all affected materials have been deleted. SOS has removed the researcher’s electronic access to the records transferred electronically. After pulling the records, screening, and redacting the materials, the SOS believes it is unlikely that there will be any further unauthorized disclosure.

At this time, SOS has no evidence that there has been any use or attempted use of the information compromised by this incident. SOS is providing this notice so that those individuals potentially affected may be aware of what happened and can take the necessary steps to monitor any unusual activity regarding their personal information.

Due to the age of the records, SOS is notifying any affected individuals via this Privacy Incident Notice of the potential that Personally Identifiable Information (PII) may have been compromised.

Read the remainder of the FAQ at https://archives.cdn.sos.ca.gov/pdf/privacy-incident-faqs-003-final.pdf or https://www.sos.ca.gov/notice-privacy-incident-historical-health-records

Category: Breach IncidentsGovernment SectorHealth DataOtherU.S.

Post navigation

← Wilkes-Barre Career and Technical Center averts catastrophe from cyberattack
Housing Authority of the City of Los Angeles discloses a “complex cyber-attack.” We call it a ransomware attack. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.