USCIS telework may add to privacy risks, IG says

Report says two USCIS service centers with higher telework rates also had higher loss rates

The U.S. Citizenship and Immigration Services agency might be putting data with personally identifiable information at a higher risk of exposure by allowing its employees to telework, according to a report issued June 13 by the Homeland Security Department’s Office of Inspector General.

The IG analyzed whether teleworking contributed to higher rates of lost files at the four USCIS service centers.

The centers together lose an average of 27,000 alien registration files each month, by in-office workers and teleworkers, the IG said. The missing files typically contain personally identifiable information such as Social Security numbers, fingerprints and photographs, the report states.


Related story:

More feds teleworking, OPM reports


The IG found that the two service centers with the highest rates of telework participation experienced the highest rates of missing files. The Vermont service center was responsible for 39 percent of the lost files; its telework participation rate was 23 percent. The Texas service center accounted for 32 percent of the lost files, and its telework participation rate was 24 percent.

The Nebraska center accounted for 17 percent of the lost files and had a 17 percent teleworking rate, while the California center was responsible for 12 percent of the lost files and had a 7 percent telework rate, the report states.

“Greater telework participation increases the risks to personally identifiable information because teleworkers are transporting more Alien Registration Files to additional locations than if the [files] were processed at the office,” the report states.

One area of risk is from vehicle accidents while the files are being transferred, according to the report. In one such accident, numerous files were “scattered out of the car and across the highway,” the report states. In another incident, the driver was incapacitated and “unable to protect the personally identifiable information being transported in the car.”

On average, a USCIS adjudicator at a service center who teleworks four days per week will transport about 2,000 files a year between the office and the telework site, the report states.

The investigation also identified privacy risks from data contained on unsecured data storage devices and privacy weaknesses due to gaps in encryption, system auditing and monitoring.

The IG recommended that USCIS identify vulnerabilities and mitigation strategies at its service centers, issue privacy rules of conduct for teleworkers, and develop privacy requirements to address removable data devices and system weaknesses.

USCIS officials agreed with the recommendations.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Fri, Aug 19, 2011

It sounds like USCIS management is dragging their feet. That is probably because management is computer illiterate, doesn't understand the available security options and doesn't know how to make a reliable security policy. Are they really still relying on paper files? Someone needs to ditch those dinosaurs. PS Do not take this comment as age discrimination; I am over 60. It is the stagnant mindset that aggravates me.

Fri, Aug 5, 2011

USCIS is no way under funded. They are funded quite well by the legal immigrants, not the Govt, but the money might be used for other Govt bodies.

Tue, Jul 5, 2011 Mark

It is amazing that anyone can telework with the claims from USCIS. They are not the only agency with PII and others are teleworking just fine. The issue with USCIS is that their IT department is underfunded, understaffed and basically unable to manage VPN. In addition, the management / leadership in USCIS is totally opposed to telework. They have been fighting allowing employees to telework for years.

Tue, Jun 28, 2011 Former DHS employee DC

If their telework policy allows the transfer of paper files, then there is a MAJOR flaw in their policy and the Privacy Office at DHS HQ should be all over them like fleas on a dog. This should have been identified in the risk assessment for the service centers, if it had been performed properly. If the service centers have the same access as the user's work computers, why not provide network access, or at least to a DMZ where they can access files.

Mon, Jun 27, 2011

Why are they taking paper files home in the first place? Shouldn't paper documents be scanned into a computer as .pdf files for viewing at home and the paper left at the office? A 24 inch monitor at home will allow the user to display two documents or a document and an input form at the same time.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above