Cybersecurity

Watchdog warns on HUD's PII risks

HUD HQ By Mark Van Scyoc Shutterstock photo ID: 260703998 

The Department of Housing and Urban Development is failing to safeguard and manage more than 1 billion records containing personally identifiable information, according to a management alert from the agency's internal watchdog.

The management alert bulletin, issued Jan. 13 by HUD's Office of Inspector General, warns that "HUD is unable to identify, categorize, and adequately secure all of its electronic and paper records that contain personally identifiable information."

An accompanying memorandum, circulated to HUD officials in December, points to several risk factors. HUD maintains legacy systems that lack basic electronic transaction processing capabilities, which in turn leads to a reliance on paper processing. A survey of HUD officials found that many in the agency are concerned about the volume of paper records held by the agency -- including mortgage binders with personal and financial information.

The December memorandum indicated that a formal report was forthcoming but that in the course of the assessment, OIG personnel "encountered specific records management and privacy issues that pose a serious threat to sensitive information that we believed important to raise now rather than wait for the conclusion of our broader evaluation."

The OIG probe also found that HUD lacks an complete records inventory and that eight of 25 offices surveyed had an inventory of electronic records with personally identifiable information. What's more, HUD systems don't allow for any kind of enterprisewide search to locate sensitive information. The agency also is lagging behind in governmentwide efforts to convert from paper to electronic records and in implementing a data classification process to identify and tag controlled unclassified information.

"As a federal agency housing such an extensive amount of sensitive data, HUD must prioritize its capability to properly identify and protect this information," the OIG alert states. "Failure to do so places both the agency and private citizens at risk."

The alert comes as some in Congress are concerned that HUD is leveraging facial recognition software to provide security in facilities subsidized by the agency. A group of Democratic lawmakers from the House and Senate asked HUD Secretary Ben Carson in a Dec. 18 letter about the use of such technology in federal subsidized housing, including rules about biometric data collection and retention.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Acquisition
    network monitoring (nmedia/Shutterstock.com)

    How companies should prep for CMMC

    Defense contractors should be getting ready for the Defense Department's impending cybersecurity standard expected to be released this month.

  • Workforce
    Volcanic Tablelands Calif BLM Bishop Field Office employee. April 28, 2010

    BLM begins move out of Washington

    The decision to relocate staff could disrupt key relationships with Congress and OMB and set the stage for a dismantling of the agency, say former employees.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.