After data breach, new rules for sending sensitive information
A data breach that jeopardized personal information for more than 700,000 people has spurred California officials to change how they transport sensitive information.
Packages of payroll data, including Social Security numbers, will be delivered by courier rather than dropped in the mail. And officials are examining ways to transmit encrypted data, rather than storing it on microfiche.
The changes were confirmed by Oscar Ramirez, a spokesman for the California Department of Social Services.
“We’re looking to improve the process," he said.
The overhaul stems from a breach that occurred earlier this month while transporting information on more than 700,000 people who provide or receive home care for the elderly and disabled.
A package shipped by Hewlett-Packard, which handles payroll data for workers in California's In-Home Supportive Services program, arrived damaged and incomplete at a state office in Riverside.
The breach upset unions who represent home care workers.
"We are dismayed by the revelation that confidential IHSS payroll information is being stored on non-encrypted microfiche tape," said a statement from Doug Moore, head of the UDW Homecare Providers Union. "It is shocking that a large state like California would use such antiquated procedures to maintain confidential personal information -- especially in this time of increasing identity theft."
An investigation into the breach is ongoing, Ramirez said.
— Chris Megerian in Sacramento