In June 1978, the GAO issued a report which identified security weaknesses in the protection of beneficiary records maintained in field offices under the stewardship of the Social Security Administration (SSA). The GAO made nine recommendations directed toward correcting the weaknesses, and the SSA began action to correct the deficiencies. Subsequently, the GAO was requested to determine what actions had been taken to implement the recommendations.
As of September 1981, two of the recommendations had been implemented while the other seven were in various stages of implementation. After the GAO pointed out the security weaknesses, the SSA established a systems security staff which would have had the authority to implement a strong security program for maintaining beneficiary records. However, in January 1979, the systems security staff was returned to the position of having to obtain the cooperation of several SSA operating components to develop and implement an adequate security program which would protect beneficiary records.
The GAO recommends that the Secretary of Health and Human Services should direct the Commissioner of the Social Security Administration (SSA) to evaluate the current role of the systems security staff and the need for an aggressive security program to protect beneficiary records and, if deemed necessary to achieve such a security program, establish an office within the SSA with the primary responsibility, capability, and authority for developing, establishing, and maintaining an aggressive ongoing security program for the protection of beneficiary records.