After a data breach in Monterey County’s social services department in 2013 on an old 2008 computer, the grand jury embarked on a study of the county’s privacy and security of on-line data and information systems. What it found was a gross lack in attention to data security mostly related to funding of education of best practices and new software protections for the issue.
Monterey County has this year revised its privacy and security policies, a project that has been going on for more than 6 years. But as of May 2014, the old 2002 – 2004 versions were still posted to the county website.
The grand jury made several recommendations following their investigation into privacy and data breach issues with the county. Along with more education of the issue and funding the necessary compliance with state and federal privacy laws, rules and regulations; the grand jury found that funding one full-time legal position for the County Counsel’s office is imperative. The “County Privacy Law Counsel” would be the county’s legal watchdog on the matter of privacy and data law.
The full report is here.
The report also noted that many county officials were not up to speed on current law in this area and there is a need to bring the county up to code immediately. The comparison in the report was made to liability insurance against events over which the county has little control including natural disasters.
The grand jury stated that failure to comply could cost Monterey County millions of dollars, per event, as in the recent commercial data breaches such as Target.