Breach prompts California to change how it moves sensitive data


SACRAMENTO — A data breach that jeopardized the personal information of more than 700,000 people has spurred California officials to change the way they transport sensitive material.

Packages of payroll data, including Social Security numbers, will be delivered by courier rather than dropped in the mail. And officials are examining ways to transmit encrypted data rather than store it on microfiche.

“We’re looking to improve the process,” said Oscar Ramirez, a spokesman for the California Department of Social Services.

The overhaul follows a breach earlier this month involving information about people who provide or receive home care for the elderly and disabled. A package shipped by Hewlett-Packard, which handles payroll data for workers in California’s In-Home Supportive Services program, arrived damaged and incomplete at a state office in Riverside.

Labor unions that represent home care workers were outraged.

“We are dismayed by the revelation that confidential IHSS payroll information is being stored on non-encrypted microfiche tape,” said a statement from Doug Moore, head of the UDW Homecare Providers Union. “It is shocking that a large state like California would use such antiquated procedures to maintain confidential personal information — especially in this time of increasing identity theft.”

An investigation is ongoing, Ramirez said.