Does Social Security Protect Your Private Information Well?

How Social Security protects private information was the subject of a congressional hearing on May 26, 2016, held in relation to the Office of Inspector General (OIG) releasing an audit report that showed Social Security needs to do a better job of protecting private information such as Americans' Social Security numbers and financial and private medical information.

The audit report concluded that “the risk and severity of the weaknesses identified constituted a significant deficiency in internal controls over the Federal Information Security Management Act (FISMA) as defined by the Office of Management and Budget (OMB) guidance.”

The OIG stressed that the information Social Security is in charge of protecting impacts nearly every American and that Social Security needs to do a better job in this matter. “SSA houses sensitive information about nearly every U.S. citizen – living and deceased – including medical and financial records. Inappropriate and unauthorized access to, or theft of, this information can result in significant harm and distress to potentially hundreds of millions of Americans. As such, it is imperative that SSA make protecting its networks and information a top priority,” the OIG said.

It should be noted that Social Security, although it has not reached its ultimate goal, has improved since the previous analysis. Federal agencies are given a letter grade in relation to the Federal Information Technology Acquisition Reform Act (FITARA) and its implementation requirements in four areas: Incremental Development; Risk Management Transparency; IT Portfolio Review Savings; and Data Center Consolidation. These grades were released in May 2016, and Social Security received a C grade, which is an improvement from its previous D grade.

Jumping from a D to a C may not be earth-shattering news or a reason to throw a parade, but Social Security is actually doing a better job than most other federal agencies. NASA received an F, and 10 other agencies received a D grade. These agencies include the Defense, State and Treasury departments.

Obviously Social Security still has work to do in protecting and securing its information as highlighted by the conclusion of the audit. “Some weaknesses we identified could negatively impact the confidentiality, integrity, and availability of the Agency’s systems and data. We believe that SSA must strengthen its information security risk management framework and enhance information technology oversight and governance to address these weaknesses.”

Acting Social Security Commissioner Carolyn Colvin spoke at the congressional hearing and emphasized that Social Security has focused and will continue to focus on protecting the private information of American citizens, but that doing so is not necessarily easy without increased funding.

“Let me emphasize that investing wisely in technology is one of our top critical priorities as we work to deliver smarter, secure, and more efficient service. We have consistently used our IT resources to help us efficiently and effectively deliver benefit payments and other services to millions of Americans each year,” Colvin said. “Yet we have major challenges before us. We have a significantly aged IT infrastructure, which is increasingly difficult and expensive to maintain.”

Others who appeared at the hearing included Robert Klopp, deputy commissioner of systems and chief information officer for Social Security; Marti Eckert, associate commissioner, information security for Social Security; and Gale Stallworth Stone, deputy inspector general.