So to recap:
- NH DCYF sent my personal information to people I don’t know so they could contact the Granddaughter that we are caring for (6/30).
- I demanded, via RSA 91-A Right To Know, how DCYF decides who gets to give it to those people I don’t know – what are their protocols.
And now, I demanded information on the system / subsystem that is in use by DCYF that creates that list of people that would receive the private info (re: location) of where care givers. My granddaughter was amazed at the names that were reeled off over the phone by the DCYF representative. My response was “what system do they have in order to get that information, determine the correct relationships, and who has access to that information?” So, another RTK – this time on some of the technical aspects of such a system (assuming it is computer based – and I have no reason to believe it isn’t).
BTW, DBMS stands for Database Management System:
Right to Know Request per RSA 91-A: “Family Connections” DBMS
Article 2-b of the NH Constitution by which all agents of NH Government (elected and administrative workers) shall obey:
[Art.] 2-b. [Right of Privacy.] An individual’s right to live free from governmental intrusion in private or personal information is natural, essential, and inherent.
Pursuant to the Right to Know Law (RSA. 91-A), I am demanding access, within 5 business days, to the following governmental records:
First:
- Produce the form that my wife and I, as currently unlicensed Grandparents, signed giving DCYF permission to share our personal contact information to those people that we don’t know (or they, us).
Second – (IF an in-house system, even if hosted by an outsourced hosting service):
For the Division of Children, Youth and Families, provide the name of the database system (along with its supporting subsystems) that, when queried by DCYF staff with a single given name, returns non-accused family members (immediate, secondary, tertiary, including those no longer part of a family due to divorce, et al) and their personal information such that DCYF can send them notification where any placed child can be reached.
Example: enter the name of an alleged abuse/neglect suspect and the DBMS returns records (and their personal information such that those people can be notified where a placed child can be found to foster family communications after being removed from the home).
Second – To also be included in the Responsive Records to this part of this RSA 91-A demand, provide the following if being used as an in-house system (if a software-as-service solution is being used, see Third, below):
- The commercial name of the database management system (e.g., Microsoft SQL, Oracle, RDB, MySQL, Neo4J, MongoDB, et al) used to house “family connections” as described above.
- Type of DBMS:
  - SQL/Relational
  - Non-relational
  - Object-oriented
- The name of the hosting company as applicable (if not installed in-house):
  - AWS
  - Azure
  - Liquid Web
  - Other(s)
Audit Trail:
- The Request For Proposal (“RFP”) sent to prospective vendors.
- The listing of vendors contacted to demonstrate their wares
- The scoring results of each according to the RFP.
- The methodology used to evaluate the prospective DBMSs in processing the DCYF sample load including the methodology’s point/scoring system
- The “point/scoring award” results for each of the vendors after the testing phase
- The name of the winning vendor
- The final contract and pricing, including (but not limited to):
  - purchase price
  - Pricing model: seats, capacity measurements
  - ongoing maintenance pricing per time period
  - automatic maintenance price increasing (if automatic)
  - training classes
    - webinars
    - on-site (e.g., admin, programming, in-house support)
    - off-site (including travel costs)
  - manuals (as applicable)
- The implementation project plan showing major milestones and those costs (estimated vs actual)
- Names of the NH State Government (employees, elected officials)
  - sign off of the winner
  - signing the contract.
- The final cost of the implementation project management process.
- The number of times that the support contract has been renewed and each version’s pricing.
- Promised uptime/availability of the system as a whole
Current:
- Actual uptime/availability since “Go Live” to now
- Approximate size (in TB)
- Capacity utilization (all standard measures).
- Number of queries/day average
- Number of search results/day average
  - Non-zero
  - Null
- Personnel training/certification
- Rate of growth of content
- Enumerate the external sources / methodologies utilized in content lifetime for DBMS content:
  - acquiring
  - modifying
  - deleting
- Number of data breaches
  - Timestamp
  - Number of records exposed/each incident.
Third – IF a commercial software-as-service solution is used instead of an in-house system (even if then hosted by a commercial entity such as AWS or Azure):
- Repeat the above Responsive Record demands as applicable
Per RSA 91-A:4 IV(c), if you deny any portion of this request, please cite the specific exemption used to justify the denial to make each record, or part thereof, available for inspection along with a brief explanation of how the exemption applies to the information withheld.
As you are aware, in 2016, the New Hampshire Supreme Court ruled that a governmental body in possession of records is required to produce them in electronic media using standard common file formats: Green v. SAU #55, 168 N.H. 796, 801 (2016). Unless there is a valid reason that it is not reasonably practicable for you to produce these records in the requested format, I ask that you either do so or explain why it is not practicable for you to comply.
Please also note, per RSA 91-A:4 III, III-a, and III-b, you are required to maintain the safety and accessibility of such responsive records. This also includes such responsive records (e.g., emails) which may have been deleted from respective In mailboxes/Sent mailboxes or local folders but are still available on the applicable email server or in your / email host’s backup systems or file server(s).
Please let me know when these records will be sent to me for inspection. If you have questions, don’t hesitate to reach out. You may email the responsive records to me at Skip@GraniteGrok.com. If the volume turns out to be substantial, I have already set up a Dropbox folder for all of your responsive records to which they can be uploaded.
Thank you for your lawful attention to this matter.
Sincerely,
-Skip
Skip Murphy
Skip@GraniteGrok.com
I do wonder if anyone else that DCYF decides to pick on has the gumption and know-how to fight back without a lawyer? Would love to shake their hand!