The labor union that represents most Social Security employees has filed a grievance against the agency based upon the alleged failure to provide physical security at agency offices. The complaint concerns the unescorted presence of contractors and cleaners and the like. This may or may not be a threat to the security of Social Security data but I don’t see how it is a threat to union members.
Interesting. I wrote GAM 15.07 in my prior life there. And was in the loop as the physical security aspects were revised. The union has a (technical) point here. And there is a perverse sense of triumph to tweak an agency that is strictly enforcing rules against the union to turn those tables on the agency. But items (5) and (6) are a stretch. They assume that the incidents have resulted in PII breaches and that's not how it works. There are steps that are needed. There is a need for an incident analysis and any actions that are needed (notice, remediation) come out of that. The union has skipped that step. Plus the idea of "damages" is misleading. The courts are wrestling with such issues still. But an interesting attempt to be a nuisance to the new COSS.
ReplyDeleteI agree that this is going to be difficult to show any real damages, however it seems that the new Commissioner is always talking about public service and taking away anything he seems as causing lax behavior in the field. In that regard the Union is right on and I hope this becomes a huge thorn in the Agency’s side until Saul backs off and let’s these people get back to work without his trump driven agenda being pushed for partisan political show.
ReplyDeleteThe complaint seems to conveniently dodge the union's use of a cell phone to take pictures inside an SSA office; an issue which is widely ignored by both employee and management.
ReplyDeleteLike 2:21pm, Remedy 5 and 6 seem to jump the gun. IF the union rep (SSA employee) had knowledge of such a PII loss, they too had the legal obligation to report such a loss timely. Unlike whistleblowing, mere suspicion does not equate to a PII loss. After all, employees are trained on protecting and securing PII and the employee would still be liable as the signs and training or consistent on such issues.
In the 3 offices I travel between, there are many contractors as of late that are often unsupervised. Some for employee benefits (water delivery), some facility related.
Would this go away with quiet revisions of the handbook and relevant materials? The complaint is definitely worded to stick it to the Commissioner while creating the fear piece the media would love to air and print.
On a tangent - has a bargaining unit employee be assaulted by a contractor, or vice versa?
Could this have something to do with laptops stolen in central office and (the threat at least of) having employees pay to replace their laptops when stolen?
ReplyDelete6:24 - the union is including whistleblowing in their complaint, and that would be the "cover" for the use of cell phone camera's in the office to document security violations. Otherwise it's just allegations. The whole issue of personal phones that have camera's (outside security agencies and areas, where they are indeed banned) has been a potential "security" issue across government for a decade. The security rules regarding such items simply do not reflect the 21st century.
ReplyDeleteAs for an employee knowing there was a PII loss in these incidents, nothing I saw here states that such occurred - they state that the incidents of unsupervised contractor incidents are to be reported as potential security issues (and that the rules exist because of the concern over PII.)
I suspect given the union focus on managers being held accountable that there will be allegations of employee reporting these to managers who dismissed it off hand and didn't report it per the rules.
So the point, I suspect, is that employees tried to do the job but management dropped the ball on numerous occasions. Hence the blowback on employees is avoided and the onus placed on management.
There is always friction between rules like these - especially ion a non-security agency like SSA and in areas that are off-limits to the public. For folks like the custodial staff, I'm not sure if suitability reviews are done. If they are, it wouldn't be hard to document them as similar to employees and on-site contractors who get badged and vetted. Removing them from the potential group of folks who need to be supervised by an employee.
But the water cooler guy, the plumber the landlord sends - likely not reviewed for suitability or vetted and therefore they must be supervised while on the premises. And yes, failure to supervise such folks would be a potential incident that would need to be reported. But whether such incidents actually are a PII breach is yet to be determined.
9:48 - stolen laptops are always to be reported and are always a potential PII loss and the incident must be examined to make a PII loss or non-loss decision. Equipment loss isn't new, nor is management making noise about making employees pay for such. It usually goes no where. Whole PCs used to walk out of the Woodlawn complex when they first started coming in. Unless employees were negligent, it goes nowhere.
That's interesting. I always escorted contractors, substitutes for cleaners, maintenance, etc. To their sites. I checked up on a regular basis plus regular check of monitors. So is the union saying the contractorss need to be babysat 100 percent of the time? Unrealistic. I always informed staff of everyone that was coming to do work. They in fact didn't care and complained it was TMI.
ReplyDelete9:48 the rumor was that the Altmeyer renovation contractor’s workers were stealing the laptops.
ReplyDeleteThe refurbished Dells? LOL.
ReplyDelete