When I filed my last Right To Know with DCYF, I had tagged these last few items. Number of data breaches; Timestamp, and Number of records exposed/each incident. And I thought about that afterward, and I came to the conclusion that more needed to be asked of this area.
After all, I grow weary of seeing Government taking much (or TOO much) time in reporting their own breaches but hypocritically turning around and actively going after the private sector for the same thing. Every time I think, “Who are YOU to tell others how to manage their affairs but can’t do it themselves?”
Sidenote: funny, the Trump Administration decided to move in a direction that would leave us citizens alone to make our own decisions. Biden, on the other hand, has decided that we all are morons and must be told what to do – yet keeps on making a mockery of itself. But I digress…
Anyways, given that it was MY information put at risk, I was curious as to how the NH government, especially DCYF, handles our personal affairs.
Right to Know Request per RSA 91-A: “Family Connections” Data Breaches
Article 2-b of the NH Constitution by which all agents of NH Government (elected and administrative workers) shall obey:
[Art.] 2-b. [Right of Privacy.]An individual’s right to live free from governmental intrusion in private or personal information is natural, essential, and inherent.
Pursuant to the Right to Know Law (RSA. 91-A), I am demanding access, within 5 business days, to the following governmental records:
From the DCYF system that aggregates putative contact information of family members of accused suspects of abuse or neglect of a child such that they are sent the contact information of care providers for that child:
- Provide the number of data breaches since the “Go Live” date (when the system/subsystem was vetted for use for certain DCYF personnel in the performance of their duties) accomplished by either by State personnel or external actors (regardless of the “breach size”):
- Timestamp of each incident
- Number of records exposed per each incident.
- Provide the “we screwed up” confirmation announcement utilized to communicate the breach to each affected person/entity.
- For each breach, provide:
- the number of care providers affected.
- the number of accused affected
- Provide the remedy/remedy’s offered by the State, to those affected by the breach for remediation of the loss of their identity information
- Provide the total cost to the State/the State’s insurance companies spent:
- remediation costs
- legal defense actions (either through pre-court agreements, plea deals, court actions, et al)
Per RSA 91-A:4 IV(c) If you deny any portion of this request, please cite the specific exemption used to justify the denial to make each record, or part thereof, available for inspection along with a brief explanation of how the exemption applies to the information withheld.
As you are aware, in 2016, the New Hampshire Supreme Court ruled that a governmental body in possession of records is required to produce them in electronic media using standard common file formats: Green v. SAU #55, 168 N.H. 796, 801 (2016). Unless there is a valid reason that it is not reasonably practicable for you to produce these records in the requested format, I ask that you either do so or explain why it is not practicable for you to comply.
Please also note, per RSA 91-A:4 III, III-a, and III-b, you are required to maintain the safety and accessibility of such responsive records. This also includes such responsive records (e.g., emails) which may have been deleted from respective In mailboxes/Sent mailboxes or local folders but are still available on the applicable email server or in your / email host’s backup systems or file server(s) or other archival systems.
Please let me know when these records will be sent to me for inspection. If you have questions, don’t hesitate to reach out. You may email the responsive records to me at Skip@GraniteGrok.com. If the volume turns out to be substantial, I have already set up a Dropbox folder for all of your responsive records to which they can be uploaded.
Thank you for your lawful attention to this matter.
Sincerely,
-Skip
Skip Murphy
Skip@GraniteGrok.com
