SANTA FE, N.M. (KRQE) – In response to a report by Searchlight New Mexico revealing CYFD employees used an encrypted mobile app in violation of public transparency laws, House Republicans have requested the Attorney General and State Auditor address these potential violations of New Mexico’s IPRA statute. They demand an investigation into what extent the use of encrypted communications is among state agencies.
“It’s absolutely unconscionable for the agency that’s tasked with protecting our most vulnerable population to delete the very communications that can help us and aide in the reform of that failing agency,” Rep. Rebecca Dow said. CYFD is under fire for using a secure messaging app called Signal in which messages among staff can disappear.
House Republicans are calling on the Attorney General and State Auditor to investigate whether the agency violated the Inspection of Public Records Act by deleting public documents. But, CYFD Secretary Brian Blalock said the department is using the secure app to comply with HIPPA and other privacy laws while working from home during the pandemic.
“If we were communicating, especially while folks are working remotely, under unsecured channels talking about children and families, we wouldn’t be doing our moral or legal obligation in order to keep that information secure and private,” Secretary Blalock said.
He said at the start of the pandemic, the department’s technology was not advanced enough to support 80% of the 2,000-staffed department to work from home. So, they started using secure channels of communication like the Signal app. House Republicans said HIPPA is not an excuse for disappearing communications.
“It would also be a HIPPA violation for a medical provider to share my record with the public. But that doesn’t mean my healthcare provider is shredding and destroying my health record,” Rep. Dow said. Secretary Blalock said the Signal app is used for quick check-ins on clients and for staff to check in on each other. He said any information shared on the app that should be saved, is.
“There’s a mechanism to do that in the notes section just if someone received a phone call or a letter or sat in person in a meeting,” he said. “We are not destroying anything that could be considered public record or public document. Anything that we’re required to keep under IPRA, we’re absolutely retaining.”
Secretary Blalock said the department will most likely continue to use the app but is open to other forms of secure communication. “I think what would shred the trust, shred the public trust in CYFD, would be if we were conveying personally identifiable, confidential information on channels that are not secure…which would be contrary to federal law and also, I think contrary to public trust,” he said.
It’s unclear if other state agencies or the governor’s office are using similar forms of communication. But it’s a concern for House Republicans. “I’m very concerned that this may not just be CYFD and we need to know how many state agencies are doing this and if in fact, the governor is doing it within her own executive branch,” Rep. Dow said.
In an emailed statement to KRQE News 13, a spokesperson for the Attorney General said,”It is highly concerning that public employees are potentially deleting public information without a thorough legal process, and we are reviewing the matter.
House Republicans are also calling on the governor to provide a report detailing whether her office staff or cabinet-level staff use data encryption and data dumping.