Date: March 10, 2023
On December 19, 2022, and December 22, 2022, personal information, related to a sterilization program, was inadvertently released to a single researcher. Pursuant to Government Code section 12237, all records 75 years and older within Archives are public. Records given to the researcher to view pertained to the State’s forced sterilization program that was conducted in California during the time period of 1909-1979. When the inadvertent disclosure of records dated from 1948-1954 was discovered by the researcher, the researcher confirmed to the office of the California Secretary of State (SOS) that they did not view the materials in detail and indicated the PDF copy of the roll of transferred microfilm provided to them for viewing had a mislabeled date range. The SOS’ subsequent review of the materials less than 75 years old determined that the documents contained personally identifiable information and medical information. Once the mistake was discovered, the researcher confirmed to SOS that upon recognizing the age of the records, they notified SOS’ Archives staff immediately, and deleted any material from their computer.
What information was involved? The confidential information contained:
- Patient first and last names
- Family member first and last names
- Dates of Birth for some individuals
- Familial history and familial medical history
- Medical information such as diagnosis, dates of operations, dates of sterilization and other unrelated medical history
What are we doing:
The SOS investigated the incident and has pulled the impacted records from public access while a detailed review of the records is being conducted. The SOS confirmed with the researcher that all affected materials have been deleted. The SOS has removed the researcher's electronic access to the records transferred electronically. After pulling the records, screening, and redacting the materials, the SOS believes it is unlikely that there will be any further unauthorized disclosure. The SOS has reviewed its process and procedures and has implemented safeguards to prevent this type of incident from occurring again in the future.
At this time, the SOS has no evidence that there has been any use or attempted use of the information compromised by this incident. The investigation is ongoing. If it is determined that more information was accessed than what was provided in this Notice of Privacy Incident, another notification will be provided to the affected individuals within the timeframe provided by law after the discovery that more information was accessed.
The SOS is providing this notice so that those individuals potentially affected may be aware of what happened and can take the necessary steps to monitor any unusual activity regarding their personal information.
What you can do:
For more privacy protection information about your medical or privacy rights, you may visit the website of the California Office of Privacy Protection at https://oag.ca.gov/privacy. Breach Help Consumer Tips from the California Attorney General are available at, https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-17-breach-help.pdf. Top 10 Tips for Identity Theft Protection can be found at https://oag.ca.gov/idtheft/facts/top-ten.
We regret that this incident occurred and want to assure you that we are currently reviewing and revising our procedures and practices to minimize the risk of recurrence. If you have additional questions, please contact the Archives Services Manager at (916) 653-7715 Monday through Friday from 8:30 a.m. to 5:00 p.m., Pacific Time. You may also e-mail us with questions at email@example.com. Please do not include your social security number or medical information in your e-mail to the SOS.