SSA teleworkers may be putting personal data at risk, IG says

While teleworking is improving morale at the Social Security Administration, it also may be exposing individuals' personal information to unauthorized disclosure via employees’ computers, according to a new report from the SSA Office of Inspector General.

Under a union agreement, the SSA’s Flexiplace program allows nearly 30 percent of the workforce at the Office of Disability Adjudication and Review to work at home at least one day a week. Those 2,037 teleworkers screen and analyze cases, develop evidence and prepare decisions for individuals applying for or receiving disability benefits.

To perform their duties, the teleworkers take home case files on compact discs and laptop computers. Those files generally contain personally identifiable information that include claimants’ Social Security numbers, names, addresses, and earnings and medical histories.

While SSA managers have put some measures in place to safeguard the personal information, those measures may be inadequate and not be fully implemented, states the June 9 report from SSA Inspector General Patrick O’Carroll Jr.

“We [have] determined [that] Office of Disability Adjudication and Review practices may have exposed claimant data to unauthorized disclosure,” O’Carroll wrote.

For example, managers did not always effectively track the removal and return of personal information and allowed employees to remove personal data stored on unencrypted CDs. In addition, employees did not always follow the rules to lock down the personal data whenever traveling to or working at an alternative location, the report noted.

Overall, the telework program has risks, O’Carroll said. “The SSA has limited ability to control or detect how employees transport, store, or use personally identifiable information when they work [under the] Flexiplace" program, he wrote. "As such, the agency is at risk for unauthorized disclosure or intentional misuse of claimant personally identifiable information and must weigh risks against costs and benefits before implementing additional controls.”

But on the plus side, the teleworking program has improved worker motivation, the IG added. Flexiplace “has had a positive impact on their morale or helped them work more effectively at home because of fewer interruptions,” O’Carroll wrote.

To improve security, the inspector general made four recommendations:

  • Require that employees store personally identifiable information on encrypted and password-protected laptops.
  • Re-emphasize that employees must comply with policies.
  • Consider additional procedures to track removal and return of personally identifiable information.
  • Improve monitoring of employee compliance, and discipline employees who do not comply.

SSA managers generally agreed with the recommendations made in the report.

 

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Tue, Jun 15, 2010 Reg

I agree Tom, if they've found telework to be such a great thing, then why not allow more of it? I only wish that I could have the opportunity to work from home withouth interruptions. With video teleconferencing and VPN access, there's little need for me to be in the office as well. Let's hope they address the PII concerns and expand telework to more SSA employees.

Tue, Jun 15, 2010 Gee DC

I think Tom should be happy that he gets even one day per pay period to telecommute. By the time this user gets done the paperwork to get on the list to be able to put in the forms to be reviewed by their own supervisor to be able to then be considered by the agency telework board for telework, I could retire after 20 years from the DoD...

Tue, Jun 15, 2010 Tom Pa.

I have been on the telework program one day per pay period, for over a year. I've had no problems what's so ever. With my job I could work telework five (5) days a week. It would not affect my performance at all. I do not need to deal with one person face to face anytime of the day. I can work better from home. There are no distractions', no unneeded visitors, just my computer and phone.
I can't understand why this place won't allow more then one day a pay??

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group