Oregon's most vulnerable children deserve to have their personal privacy respected. Foster parents, guardians and case workers have a legal and moral responsibility to maintain this privacy.
Unfortunately Oregon's overburdened foster care bureaucracy is failing to protect the privacy of our children in state care. Current policies go ignored, and state contracts with privatized agencies do not require strong privacy controls.
The system's failure to respect privacy has real-world repercussions for these children. Security breaches are a real and present threat to safety. Here in Oregon, in January of this year, the inadequate systems at the Department of Human Services led to the release of the private details of hundreds of service recipients. And every day, thousands more confidential documents are transmitted and stored, unsecured and unencrypted, waiting to be hacked or stolen.
A 2017 breach in Maine led to the private information of at least 2,100 children and adults being released online. In the United Kingdom in 2018, a foster family and child received death threats after a data leak from a hospital. Similar breaches could happen here at any time.
The foster system collects and compiles massive amounts of information on children in foster care. Detailed case notes are submitted weekly by foster parents and case workers. Every psychiatric and medical diagnosis is discussed and documented. Every incident involving a child in foster care is documented in detail. This is as it should be — detailed and accurate documentation, correctly leveraged, will allow Oregon's leaders to improve the foster care system.
However, this mass of information compiled on every child in foster care goes largely unprotected. Emails containing extremely sensitive information are sent unencrypted over the internet, vulnerable to hacking. There are no required security controls on the computers of foster parents, guardians and case workers — meaning that millions of documents generated in the process of caring for foster children are stored on unencrypted computers, mobile devices and small flash drives, open to theft.
Oregon's leaders need to take the privacy rights of children in foster care seriously. Our state needs immediate action to ensure that private information belonging to these children is protected, both in policy and in practice. How long can this situation continue before a disastrous outcome or catastrophic release occurs?
Unencrypted storage and transmittal of private information by the Department of Human Services and privatized foster agencies must stop — immediately. Systems must be put into place that will allow this information, so crucial to the care of children in foster care, to be managed in a manner that is secure from breach. We owe nothing less to Oregon's most vulnerable children.
Matthew Jones is a legal guardian, retired foster parent and health care administrator living in Southeast Portland with his husband, Ethan Jones.
Quality local journalism takes time and money, which comes, in part, from paying readers. If you enjoy articles like this one, please consider supporting us.
(It costs just a few cents a day.)