California Court Posts SSNs, Medical Records

Lucas123 writes "California's Riverside County Superior Court's Web site is serving up document images containing SSNs and detailed medical records relating to civil cases, according to a couple of privacy advocates. All of the documents are free to anyone who knows where to look for them. 'Searches done on the court's Web site turned up various documents related to civil cases that contained sensitive information. Included were complete tax filings, medical reports pertaining to cases handled by the court, and images of checks complete with signatures as well as account and bank-routing numbers.'"

Individuals are the only ones who care

[rbanzai (596355)]

Only YOU care if your information is made public. There is absolutely no reason for any public or private organization to give a shit, and they make that evident over and over. Until it is more cost effective for them to protect the info than to leak it they will continue to do so. And that's never going to happen.

Enter legislation

[Nerdposeur (910128)]

Until it is more cost effective for them to protect the info than to leak it they will continue to do so.

Which is why we need legislation that will fine them for releasing that information.

Another idea would be to demote the person who made the decision to post that stuff publicly to Official Identity Theft Aftermath Cleanup Technician.

Re:

[Sparks23 (412116)]

Why not just make a law that if someone has leaked your identifying financial information, if you become a victim of identity fraud they can be held responsible? I.e., have to fund the fixing-it-up?

Doesn't matter if you can't prove /their/ leak is where the information got out. If they leaked and your identity is stolen, they're liable. THAT would work as a deterrent, I think.

Re:Enter legislation

[zymurgyboy (532799)]

A leak would be one thing; these muppets INTENTIONALLY POSTED this stuff. From TFA:

But the court's IT director defended the practices, saying that documents are being posted on the Web site in accordance with California laws and that finding data such as Social Security numbers is akin to "finding a needle in a haystack."

Wow.

You know, just because something can be done, doesn't mean it is necessarily to be done. This guy may want to take a look at Maryland's case search engine [state.md.us] to see an example how someone with some sense would do it. Jeebus.

Re:

[icepick72 (834363)]

The problem is when the needles in the haystack are found they are immediately made available to everybody. There's a measure of Internet sensibility that isn't being adhered to. When the medium changes, often the rules need to change too.

Re:

[zymurgyboy (532799)]

Why stop there? French privacy laws provide for jail time under certain circumstances.

Identity theft is really pretty easy, in large part because everyone from the government to the local grocer can get away with playing fast and loose with whatever data of yours they have on hand. Fines won't stop that, especially if the payoff is larger than the fine anyway.

We'd be better off if we stopped locking up rinky-dink hop heads and replaced them with the aiders and abettors of identity thieves.

Re:

[jlarocco (851450)]

Which is why we need legislation that will fine them for releasing that information.

WTF? We're in bad shape when a "There should be a law..." post gets rated Insightful

Making a new law isn't going to help anything. It's against the law to kill people and smoke pot, but it happens all the time. Sure, the companies will pay some tiny fine as punishment, but that doesn't really solve the problem of "Your private info was just given to scumbags".

The only way to make companies stop losing information

Re:

[Atlantis-Rising (857278)]

Court documents are publically accessible, yes. There are a handful of exceptions (they can be sealed by judicial order, although it is rare) and accessing the dead-tree versions is simply more time-consuming than accessing the online documents, but they're still there.

In many cases, it's also possible to simply call or fax the court office and ask for the information to be sent to you, so you don't even need to poke through the information yourself.

That said, I don't think it's either possible or reasonabl

Re:Enter legislation

[frosty_tsm (933163)]

Official Identity Theft Aftermath Cleanup Technician.

Better would be a demotion to "Public Toilet Cleanup Technician"...

"Official Public Toilet Aftermath Cleanup Technician"?

Re:

[NeutronCowboy (896098)]

I think it goes beyond that. In the case of court filings, documents used in the case become public evidence, and as such, are required to be available publicly. At least, that's my understanding.... not sure how that applies to information that would normally be covered under HIPAA or similar privacy laws.

This is just the tip of the iceberg of the information flood. As much as people hate the idea here, I think that there is a need for a federal ID piece that can be used to positively identify someone, wit

Re:

[nexuspal (720736)]

Yeah lets tie it in with DNA so nobody can forge it! Hell, lets just implant a tiny RFID at birth while we're at it... It's already bad enough people need to fingerprint to use a vehicle, or if you are arrested for any reason, a DNA sample is taken. Lets just start it at birth!

Re:

[NeutronCowboy (896098)]

Those are bad ideas, because they can't be changed. That's why I didn't use them. Do you have an idea on how to solve the problem of positive ID? How to prove you are you, when lots of people are trying to impersonate you? Or do you just like to cling onto an outdated idea of privacy that didn't even work well in the Wild West?

Re:

[nexuspal (720736)]

I believe any positive ID will be used in the future to control the population. I don't like to be controlled, categorized, and treated as a number, or a marketing demographic/classification by a government that is armed to the teeth, and has shown time and time again that they believe they are above the law. Remember the term "Papers Please" shown in so many WWII movies... ah yes, papers to control people, imagine if they had DNA or what have you... Do you think a single Jew would have made it out? A pa

Re:

[NeutronCowboy (896098)]

Two things: positive ID is already required in a number of instances. The current system is just so wide open for abuse that it's unconscionable. Furthermore, the Wild West system was completely ripe for abuse - primarily because there was no real way of knowing whether what anyone said about themselves was true.

Lastly, I'd also challenge your belief that any positive ID will be used to control (in the Orwellian sense) the population. Jews snuck out because people didn't know their race when the presented f

Re:

[eln (21727)]

Maybe everybody gets their own private PGP key at birth?

Sure, and then someone gets access to your private key and then you're boned for life.

Same problem with exclusive use of biometrics: If someone manages to forge your biometric signature, you're completely hosed because you can't change it.

Re:

[NeutronCowboy (896098)]

Just like changing your name, you can have a process that lets you update your PGP key. With biometric information, that's not controllable.

The point is that if someone gets a hold of your personally identifying information now, you're boned as well. Why not make the process by which that information is obtained as hard as possible?

There are plenty of services that don't need personally identifying information, but there are some that do. Encrypt information to be sent with your private PGP key, and the oth

That's why some courts redact such information

[davidwr (791652)]

In some courts, "public" information is routinely redacted. You have to get a court order or be someone special to see the originals.

This also applies to evidence in criminal cases too. If I defraud 10 people's bank accounts at ACME Bank, those account numbers may be redacted depending on the court and whether the accounts are still active. If I'm on trial for k1dd13 p0rn or stealing nuclear secrets you can bet the main evidence will be sealed from public view.

Re:

[zymurgyboy (532799)]

Just because something is public record doesn't mean it necessarily must written in block caps plastered on the nearest billboard. Some information -- even public information -- should have a gatekeeper. If it were my tax return, I think I'd want someone seeking it to have to ask the court clerk for it, and possibly, explain why.

Re:

[TheHorse13 (908512)]

A little regulation called HIPAA is supposed to handle this sort of issue. I wonder who will be doing the jail time if it's found that due diligence wasn't followed?

Meanwhile....

[Otter (3800)]

Meanwhile, in Italy, the outgoing government posts everyone's income and tax data [bbc.co.uk]. Deputy Economic Minister Vincenzo Visco bizarrely explains:

This already exists all around the world, you just have to watch any American soap to see that.

SCrubing SSN's is not the answer

[geekoid (135745)]

the answer is to stop using them for credit scores and ID.

Re:

[Fozzyuw (950608)]

the answer is to stop using them for credit scores and ID.

What would replace them?

Re:

[Bryansix (761547)]

This is exactly the correct point. A SSN does tie to a single person but it shouldn't be used to authenticate that the person serving it up really is the person tied to the SSN. Real authentication needs to take place. Shoot, I'd rather have to give my fingerprint if it meant I wouldn't have my identity stolen.

Furthermore when an ID is stolen, the company that let the theif sign up for credit in someone elses name should be fined and scrutinized for further possible fraud. We need to make the companies

Re:

[gd2shoe (747932)]

A SSN does tie to a single person...

This is a common misconception. There are honest duplicates within the system. I'm not talking about the "undocumented worker" down the street. Duplicate SSN's are issued. You need some other information such as a name to make it a unique identifier.

There are almost 304,000,000 people in the US. If they were unique, that would mean that a third of the total possible SSNs must be used just for the current living population. Count everyone who has died since 1936

Re:

[Bryansix (761547)]

I'm sorry but when a 4 foot tall woman shows up to give my print I think they'll figure it out. I'm 6 feet tall and a guy. The point is to make it harder to be a criminal. Right now you don't even have to leave your house.

Cost/Benefit. They don't cost, and do benefit.

[Behrooz (302401)]

Unfortunately, all of the costs of identity fraud are borne by the consumer, while all of the benefits of quick/insecure identification are reaped by the lending industry.

Strong and secure methods of identification and verification need to make their way into the financial world, but changing the existing infrastructure is expensive, so it isn't going to happen. At least, not until some enterprising individual has their identity stolen and successfully manages to sue the lending industry for fraud...

Easily predicted

[NaCh0 (6124)]

The more you tell your life to government (and anyone really), the more it will find it's way into general knowledge. This is one of the reasons I'm against any "universal" government program. Heck, it doesn't even have to be medical records. Think back to the recent passport flap with high profile politicians. The government is not looking out for you.

Hey public record

[DarkOx (621550)]

Most court proceedings are a matter of public record unless a judge orders them sealed. I should be this way too because we have a legitimate interest in what is going on in our courts. That information is probably relevant to the decisions on the quality of the proceedings much of the time. Frankly as much as its unfortunate for the people and organizations that find themselves in the court rooms, its probably the right thing to do to publish those items.

Re:

[whoever57 (658626)]

Most court proceedings are a matter of public record unless a judge orders them sealed.

Or option 3: redacted versions of the documents can be published. The redacted versions will have private information removed.

Court documents are sealed all the time. There is no reason why medical information and SSNs should not be sealed or redacted.

Government Logic - SB1386

[a-zarkon! (1030790)]

I love the fact that this is a California court. California being the leader in privacy protection and breach notifications and everything with their landmark SB-1386 legislation.

Court Information is public record

[PhreakOfTime (588141)]

While it is unfortunate that such things as SSN's are being made public, the hard reality is that anything contained in a court record is public information.

Open access to government is a two way street, and is meant to prevent corruption and give the public a clear view what their government is doing.

On a side note, my county also publishes court records on the internet that are public information. However, it is limited to the court schedule, case#, charge, and attorney schedule.

The fact that this schedule is public information is still not a concept some people are aware of. Ive heard stories from court employees of upset people coming in and demanding that their DUI case be taken down from being publicly viewable. Unfortunately for these people, the law says otherwise.

I even have personal experience in some of the reactions people have to this publicly available information after I posted a link to the county courthouse on one of my websites. A Company called Caton Commercial [willcounty...tcourt.com] even went to far as to have their attorney draft a cease and desist letter threatening me with legal action, and demanding that I remove this linked information, and turn over my legal domains to them to stop this 'knowingly libelous' action. Although, Im not sure that they thought through how they were going to present to a judge their case that the courts own website schedule was the source of this so-called libelous information. Like every other company before that has failed to grasp the concept of the internet, all the attention this brought to the linked information was a lovely demonstration of the 'Streisand Effect'. Once again, adding more weight to the phrase 'more dollars than sense'.

Re:

[SCHecklerX (229973)]

The case itself is one thing. Private information about a person, that has nothing to do with the case itself, is quite another.

Re:

[PhreakOfTime (588141)]

I agree with you.

I also agree with the google filter that knows that its not 'google-bombing' when the hyperlinked word is actually contained in the website that is being linked to.

Violation of federal law:

[Rageon (522706)]

I can't imagine this will last long, as it's a clear violation of federal law. I work for a court, and we ALWAYS need to redact SSN from every order (unless it's just being disclosed to that specific person). It's against state law here, but also federal. From 42 U.S.C. 405(c)(2)(C)(viii):

Social security account numbers and related records that are obtained or maintained by authorized persons pursuant to any provision of law enacted on or after October 1, 1990, shall be confidential, and no authorized person shall disclose any such social security account number or related record.

So I really can't imagine the court can defend this in any way at all.

Re:

[cprael (215426)]

Right. Have you looked at federal lien filings? Tax and court both are _required_ to include the SSN/taxpayer ID # when filing this stuff. I can walk into any county records center and pull this stuff up. Since it's digitized, I can also usually search by type of filing.

And you'll note that "pursuant to any provision of law enacted on or after October 1, 1990" portion. Generally these filings are based on law going a lot further back than that.

Sorry to burst your bubble on this.

Amateurs ...

[golodh (893453)]

I'm ashamed of California's state government ... this "disclosure", while well-intentioned, is second-rate and amateurish beyond belief.

Just to see how it's done, have a look at the way the Italian Government handled things (http://news.bbc.co.uk/1/hi/world/europe/7376608.stm).

See? Now *that's* what I call disclosure. Those piddly efforts in California don't even come close.

the system needs to change

[blhack (921171)]

Lets face it, the concept of a SSN being a positive identification needs to just stop. Do I have a solution? No, but the fact that somebody can walk into a bank and open an account in my name simply by possessing My publicly available address, and a 9 digit number needs to be looked at as an absolute failure. The tin foil hat wearing crowd will object until the very end, but IMHO biometrics need to become the standard. A retina scan, is something that is not easily forged (i'm not saying its not possible

One word -

[sm62704 (957197)]

HIPPA [wikipedia.org]

Somebody's in some DEEP SHIT over that. Iinm a judge can't order that a federal law be broken unless that law has been deemed unconstitutional.

Nothing To Do With HIPAA

[Kozar_The_Malignant (738483)]

HIPAA is the Health Insurance Portability and Accountability Act of 1996. It regulates Health Insurance. It contains a Privacy Standard that regulates how Protected Health Information (PHI) may be used. A little piece of it says that your SSI# can't be used as your ID number in health insurance. There are still lots of legitimate uses for that number both in and out of health insurance.

Nothing in HIPAA has anything to do with the court system. I want court records to be public documents. I want un

Re:

[Drantin (569921)]

Perhaps not with HIPAA, but how about The Privacy Act [wikipedia.org]?

Re:

[Drantin (569921)]

Never mind... court records seem to be exempted...

Why do we tolerate the civil court system?

[dloyer (547728)]

It only exists to make money for lawyers.

If you have ever been unlucky enough to be involved with a lawsuit, you know how greedy and "entitled" these "officers of the court" are.

Re:

[Vegeta99 (219501)]

So what was I supposed to do about the bitch that hit my car last year, never told her insurance company, and the cops wouldn't do shit about it? Sit on my thumb and rotate? Go blow up her car?

If you are going to court in CA

[alex_guy_CA (748887)]

Take a big fat sharpie and blacked out all account and SS #'s. Really.

Needle in a haystack

[exp(pi*sqrt(163)) (613870)]

> finding data such as Social Security numbers is akin to "finding a needle in a haystack."

Haven't these people heard of computers? You know, those things you use to rapidly search for digital needles in digital haystacks?

Remember kids, wikileaks=wrong, us courts = OK

[plasmacutter (901737)]

Remember kids, if you are a public interest blog, you are gagged for simply having the POTENTIAL to release this information.

It's perfectly ok though for the federal government to actually do it.

Re:

[eln (21727)]

Don't FOIA regulations already allow for redacting of documents to eliminate classified information prior to release?

I haven't read FOIA in its entirety or anything, but it seems to me it would allow for redacting to comply with HIPAA as well.

Re:

[flink (18449)]

Courts are not HIPAA covered entities. Only health care providers, health care clearinghouses, and health plans are covered. Before you ask, a court doesn't count as a clearinghouse. In over simplified terms, a clearinghouse is a covered entity that processes information on the behalf of another covered entity.

Re:For those of you who know of anyone who's a vic

[eln (21727)]

If you're really paranoid about identity theft, then go for one of the credit monitoring services run by a credit bureau. The one I've found most useful is truecredit.com, which is run by TransUnion (which, by the way, is by far the easiest credit bureau to deal with in my opinion). It costs a little more than most others ($14.95 per month) but it allows you to update your credit report from all three bureaus as often as you want (daily if you really want to) and offers online dispute filing for all three

Re:

[Z34107 (925136)]

Troll?

Either way, this is stuff that Epic Systems of Verona, WI has already done. Their software runs at a lot of hospitals, from the check-in desk to the little dumb terminal in the doctor's office that brings up your charts and records.

They also have a "dashboard" application where you can check your medical records and schedule appointments online. I don't know of any hospital near me that uses that app, but some hospitals advertised the online features they got from Epic on television.