Jun 2, 2009

Personally Identifiable Info On Lexis/Nexis?

This is the entire report released by Social Security's Office of Inspector General (OIG):

Quick Response Evaluation: Access to Personally Identifiable Information Available in the LexisNexis Total Research System (Limited Distribution) (A-07-09-19059)

Our objective was to determine whether the Social Security Administration's policies and procedures safeguard personally identifiable information (PII) in LexisNexis from improper use by Agency employees.

Our review found that SSA needs to establish policies and procedures to adequately safeguard PII available in LexisNexis applications from improper use by its employees. SSA also needs to establish the related instructions for restricting this access.

This report contains restricted information for official use. Distribution is limited to authorized officials.

4 comments:

Anonymous said...

The point of this was not that PII from SSA is on Lexis/Nexis but that agency employees using agency Lexis/Nexis accounts were properly using the infomration (including PII) that they gleaned from there.

Anonymous said...

That's not the entire report, just the limited distribution version. The rest of the report is classified for authorized users only.

Hon. Joyce Krutick Craig, U.S. Administrative Law Judge (Ret.) said...

The irony of SSA's paranoia over the issue of PII is that there is so much of it out on the web for anyone to see. Try typing your telephone number into Google. Your complete address will come up. Try typing your address into www.zillow.com and your home will be pictured with the laste assessed valuation (purporting to be the fair market value) listed, the number of square feet, how many bedrooms, bathrooms, etc, and box for people to enter their info so that a realtor can contact them about your home. If you have an unlisted telephone number there are websites where people can pay $9.95 to get your phone number. For a similar fee they can get your driver's license and other pertinent PII. So why SSA is so paranoid about its own employees properly using the database Lexis provides is beyond me, both now as a retired ALJ, and when I was still active. I wish they were more concerned with reducing the backlog in a way that produces a quality decision that comports with due process and the rule of law instead of producing widgets. Then judges like myself would still be on the bench instead of trying to start a law practice.

Anonymous said...

This report isn't scary. The fact that OIG just realized this is. But hey that goes with the territory