Overview
- The NCRC’s Adoption Central Management System contains data pertaining to ~300,000 adoptees (domestic and international).
- The current whereabouts of a CD containing ACMS data are unknown.
- On July 23, 2021, ACMS data was exposed after an NCRC employee gave an external contractor system access.
Background on Adoption Central management system (ACMS)
- Adoption Central Management System (ACMS) is the database used by NCRC for all adoption-related affairs, including birth family searches.
- Most of the data comes from the 4 big adoption agencies (Holt, ESWS, KSS, KWS).
- Data includes:
- Data pertaining to ~300,000 adoptees.
- Adoptee name, date of birth, place of birth, birth parents’ names, ages, and addresses, procedures of the adoption, health status, social history, etc.
- In 2018, the NCRC received a CD containing data from the ACMS.
- This CD was part of the Adoption Database Migration Project, completed in 2019.
CD Storage Breakdown
- The CD only contains text-based data, NOT photo scans.
- One page of text is ~2-4 KB.
- A CD can contain up to 700 MB of data (0.7 GB).
- The NCRC already had a database of data.
- The ACMS CD allowed:
- New data to be added.
- Existing data to be verified.
CD Loss
- In 2019, the NCRC confirmed receipt of the CD.
- The CD is not currently in the NCRC’s inventory.
- The whereabouts of a CD containing ~300,000 adoptees’ data cannot be verified.
Personal protection act violation
- On July 23, 2021, ACMS records were exposed after an NCRC employee gave an external contractor login credentials without proper approval, allowing outside access with no tracking of what data was viewed or copied.
- From an NCRC employee : “I opened access via email so that their [the external company’s] IP could connect to our agency’s server. There were no established procedures. I’m ashamed.”
- This may violate Korea’s Personal Information Protection Act (i.e. no access limits, no logs, no secure handling).