State Field Offices Are Not Protecting Social Security Beneficiary Information From Potential Abuse and/or Misuse

Gao ID: HRD-81-151 September 30, 1981

GAO reviewed the extent of protection over social security beneficiary information given to the States.

GAO found that personal beneficiary data supplied to the States are generally not being adequately protected. For example, data in claimant files are not being controlled by State offices. Access to claimant files by employees in State welfare offices is unlimited and is not on a need-to-know basis. Log-out and log-in procedures are not being used to identify the location of a file during processing. Photocopy machines are not usually secured during nonworking hours. An employee or an outside intruder could select claimant files, copy the desired information in the files, and remove it from the office without anyone noticing. Claimant files are generally not secured in lockable cabinets, but are stacked around the offices in various locations. Access to welfare offices is not restricted. Many offices do not have instructions on how to dispose of documents containing personal information. The Department of Health and Human Services has not developed a consistent and comprehensive security program to be used by States in protecting beneficiary information.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: No director on record Team: No team on record Phone: No phone on record


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.