California Loses Personal Data In the Mail—Again

A busted shipping container allows sensitive records belonging to 700 000 home care workers and patients to go missing

2 min read
California Loses Personal Data In the Mail—Again

On this blog, we write a lot about cybercriminals defeating organizations’ online security measures (often because they’re woefully inadequate) or tricking consumers via some phishing or social engineering scheme. But sometimes you have to wonder whether the people responsible for other people’s personal information could make a bigger mess if they were intentionally trying to divulge the data.

Take for example California’s Department of In-Home Supportive Services (IHSS), which reported late last week that more than 700 000 records containing personal records of caregivers and patients were either lost or stolen. The department, which organizes and oversees the provision of home attendants and visiting nurses for elderly and disabled people, says that Hewlett Packard, with which it contracted to manage the data, notified it that a package containing microfiche with payroll data was missing from a package it sent via the U.S. Postal Service. Among the items were 375 000 workers’ names, Social Security numbers, and wages, plus the names and state identification numbers of care recipients. The package, which HP sending to California’s Compensation Insurance Fund arrived with the container damaged and some of the records missing.

A Los Angeles Times article quoted Michael Cox, a spokesman for the Service Employees International Union, the labor union that represents hundreds of thousands of home care workers in the state:

"[The fact that such] primitive security measures are still in place is inexplicable.”

I think Cox’s characterization was a bit generous. It doesn’t seem out of place to look at a cardboard box containing pictures of unencrypted records and ask: What security measures? I have no idea whether California law allows it, but it would be perfectly just for the people whose information was handled so carelessly to sue the state. Perhaps the pain in the state’s purse strings will cause it to set the bar for maintaining or distributing sensitive data a little higher.

In March, computer storage devices containing the names, Social Security numbers, and other private records of about 800 000 adults and children were lost in transit between an IBM facility and the California Department of Child Support Services. See if this sounds familiar: a container holding the memory devices broke during shipping, allowing some of them to spill out.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less