DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Notice of Privacy Incident of Historical Health Records – California Secretary of State

Posted on March 11, 2023 by Dissent

From the FAQ (both the FAQ and HTML version have occasional errors and label certain dates 2023 when they were 2022):

1. What happened?

On December 23, 2022, the California Secretary of State (SOS) was notified by a researcher that the records they were provided to view contained records not older than 75 years. Pursuant to Government Code section 12237, all records 75 years and older within Archives are public. Records given to the researcher to view pertained to the State’s forced sterilization program that was conducted in California during the time period of 1908-1979. The records were provided to the researcher on December 19, 2023 (onsite) and December 22, 2023 (via secure digital transfer) and viewed on December 23, 2023. When the inadvertent disclosure of records dated from 1948-1952 was discovered by the researcher, the researcher confirmed they did not view the materials in detail and indicated the PDF copy of the roll of transferred microfilm provided to them for viewing had a mislabeled date range. Our subsequent review of the materials less than 75 years old determined that the documents contained personally identifiable information and medical information. Once the mistake was discovered, the researcher confirmed to SOS that upon recognizing the age of the records, they notified Archives staff immediately, and deleted any material from their computer.

2. When did it happen? (Why didn’t you notify me sooner?)

The incident occurred on December 19, 2023 (onsite) and on December 22, 2022 (via secure electronic transfer). The SOS was notified immediately by the researcher when it was discovered. The SOS has been working swiftly to pull, screen, and redact the records; however, due to the historical nature of the documents, aging microfilm, and the complexity of information contained within the records, screening and identification of individuals has taken time.

3. Why did you have my personal information?

Historical records are sent to the Secretary of State’s office by state agencies and pursuant to Government Code section 12237 are available to be viewed by the public after 75 years.

4. What specific items of my personal information were involved?

• Patient first and last names
• Family member first and last names
• Dates of Birth for some individuals
• Familial history and familial medical history
• Medical information such as diagnosis, dates of operations, dates of sterilization and other unrelated medical history

5. What are you doing about the breach? How will you prevent this from happening in the future?

SOS investigated the incident and has pulled the impacted records from public access while a detailed review of the records is being conducted. SOS confirmed with the researcher that all affected materials have been deleted. SOS has removed the researcher’s electronic access to the records transferred electronically. After pulling the records, screening, and redacting the materials, the SOS believes it is unlikely that there will be any further unauthorized disclosure.

At this time, SOS has no evidence that there has been any use or attempted use of the information compromised by this incident. SOS is providing this notice so that those individuals potentially affected may be aware of what happened and can take the necessary steps to monitor any unusual activity regarding their personal information.

Due to the age of the records, SOS is notifying any affected individuals via this Privacy Incident Notice of the potential that Personally Identifiable Information (PII) may have been compromised.

Read the remainder of the FAQ at https://archives.cdn.sos.ca.gov/pdf/privacy-incident-faqs-003-final.pdf or https://www.sos.ca.gov/notice-privacy-incident-historical-health-records

Related posts:

  • Hacker Operations (OPS) of 2012
  • Audits of New York schools and the State Education Department reveal ongoing significant concerns
  • Meanwhile, over at Uber Leaks…
Category: Breach IncidentsGovernment SectorHealth DataOtherU.S.

Post navigation

← Wilkes-Barre Career and Technical Center averts catastrophe from cyberattack
Housing Authority of the City of Los Angeles discloses a “complex cyber-attack.” We call it a ransomware attack. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.