SSA teleworkers may be putting personal data at risk, IG says

While teleworking is improving morale at the Social Security Administration, it also may be exposing individuals' personal information to unauthorized disclosure via employees’ computers, according to a new report from the SSA Office of Inspector General.

Under a union agreement, the SSA’s Flexiplace program allows nearly 30 percent of the workforce at the Office of Disability Adjudication and Review to work at home at least one day a week. Those 2,037 teleworkers screen and analyze cases, develop evidence and prepare decisions for individuals applying for or receiving disability benefits.

To perform their duties, the teleworkers take home case files on compact discs and laptop computers. Those files generally contain personally identifiable information that include claimants’ Social Security numbers, names, addresses, and earnings and medical histories.

While SSA managers have put some measures in place to safeguard the personal information, those measures may be inadequate and not be fully implemented, states the June 9 report from SSA Inspector General Patrick O’Carroll Jr.

“We [have] determined [that] Office of Disability Adjudication and Review practices may have exposed claimant data to unauthorized disclosure,” O’Carroll wrote.

For example, managers did not always effectively track the removal and return of personal information and allowed employees to remove personal data stored on unencrypted CDs. In addition, employees did not always follow the rules to lock down the personal data whenever traveling to or working at an alternative location, the report noted.

Overall, the telework program has risks, O’Carroll said. “The SSA has limited ability to control or detect how employees transport, store, or use personally identifiable information when they work [under the] Flexiplace" program, he wrote. "As such, the agency is at risk for unauthorized disclosure or intentional misuse of claimant personally identifiable information and must weigh risks against costs and benefits before implementing additional controls.”

But on the plus side, the teleworking program has improved worker motivation, the IG added. Flexiplace “has had a positive impact on their morale or helped them work more effectively at home because of fewer interruptions,” O’Carroll wrote.

To improve security, the inspector general made four recommendations:

  • Require that employees store personally identifiable information on encrypted and password-protected laptops.
  • Re-emphasize that employees must comply with policies.
  • Consider additional procedures to track removal and return of personally identifiable information.
  • Improve monitoring of employee compliance, and discipline employees who do not comply.

SSA managers generally agreed with the recommendations made in the report.

 

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.