ELK GROVE, CA – On November 30, 2021, following an investigation, California Correctional Health Care Services (CCHCS) sent out approximately 2,550 notification letters for a privacy incident involving Personally Identifiable Information (PII) that occurred on September 3, 2021, when labor unions were emailed a report with non-member data.

AB119 requires organizations to provide certain personal information of their staff to relevant bargaining units as a quarterly report. This information includes the individual’s first and last name, classification, classification code, collective bargaining unit code, and home address. This information was inadvertently sent to non-applicable labor unions in addition to the individual’s appropriate bargaining unit.

The incident was reported immediately and fully investigated. As a result, the existing “Personnel Operations Manual” has been updated to include the proper instructions on how to disseminate the AB 119 Quarterly Report. Training on privacy awareness and information security was provided to the individuals involved. Additionally, CCHCS’s Privacy Office is taking comprehensive steps to ensure that the unintended recipients understand the confidential nature of the information provided and that the e-mail and its contents have been properly destroyed.

CCHCS takes all security incidents seriously. Out of an abundance of caution, CCHCS sent notifications to all effected staff with information about the incident as well as links to resources to establish fraud alerts and understanding privacy rights.

For non-media inquiries, please contact:
CCHCS Privacy Office
(877) 974-4722 or write to:
California Correctional Health Care Services
P.O. 588500, Suite D-3
Elk Grove, CA 95758-8500