From a report by Social Security's Office of Inspector General (OIG):
Federal Computer Week has picked up on this OIG report.
Negotiated agreements between the Social Security Administration (SSA) and its unions established Flexiplace for ODAR [Office of Disability Adjudication and Review] bargaining unit employees. Flexiplace allows qualified hearing office staff to perform assigned work at a management approved alternate duty station (ADS), which is typically their personal residence. As such, employees who participate in Flexiplace take claimants’ case files to their ADS. These case files can be in paper form or stored on portable devices, such as compact discs (CD) and laptop computers, and generally include claimants’ PII [Personally Identifiable Information]—Social Security numbers (SSN), names, addresses, earnings information, and medical histories. According to an ODAR survey, approximately 2,037 (29 percent) of its 6,992 employees worked Flexiplace at least 1 day per week in Calendar Year 2008. ...
To accomplish our objective, we selected 20 hearing offices. At each office, we randomly selected and interviewed hearing office employees who participated in Flexiplace in Calendar Year 2008 as well as group supervisors. We also interviewed each office’s director and chief ALJ. In total, we interviewed 135 hearing office employees and 75 managerial staff. ...
According to most ODAR employees we interviewed, SSA’s Flexiplace program has had a positive impact on their morale or helped them work more effectively at home because of fewer interruptions. ...
ODAR’s practices over PII did not properly protect claimant data that Flexiplace employees removed. For example, ODAR management at 17 (85 percent) of the 20 hearing offices we visited allowed Flexiplace employees to remove electronic PII that was stored on unencrypted CDs. As long as employees placed claimants’ electronic data in a locked container, ODAR considered the employees to be taking proper steps to secure PII. However, we do not believe such controls are sufficient because PII remains vulnerable to unauthorized disclosure when it is “secured” in such ways.
The Office of Management and Budget (OMB) requires that Federal agencies encrypt all data on mobile computers/devices, unless the data are not sensitive. To address OMB’s requirement, SSA implemented a policy that requires employees use Agency approved encrypted or password protected electronic devices when PII is removed in electronic form. ... While SSA is working on an encryption solution for ODAR, we believe ODAR needs to adequately safeguard claimants’ electronic data by requiring that employees save PII to an encrypted and password protected laptop—at least until the Agency implements a complete encryption solution.
1 comment:
SSA HQ Management refuse to get on board with telework. It is because managers and executives don't trust employees and think that if they can physically stand over an employee, they can control them. In other Federal agencies and private sector jobs, I've never been treated with such mistrust. The Baltimore area, like many, is highly congested, traffic always backed up. Working at home is proven to increase productivity, reduce traffic congestion, and reduce pollution. GS-12+ employees with advanced degrees are treated like children. Such a waste of good talent that is desperately needed to improve Social Security programs.
Post a Comment