General Accounting Office, Justice and Law Enforcement: State Field Offices Are Not Protecting Social Security Beneficiary Information From Potential Abuse and/or Misuse (HRD-81-151; B-200202) (Sept. 30, 1981) (full-text).
The GAO found that personal beneficiary data supplied to the States are generally not being adequately protected. For example, data in claimant files are not being controlled by State offices. Access to claimant files by employees in State welfare offices is unlimited and is not on a need-to-know basis. Log-out and log-in procedures are not being used to identify the location of a file during processing. Photocopy machines are not usually secured during nonworking hours.
An employee or an outside intruder could select claimant files, copy the desired information in the files, and remove it from the office without anyone noticing. Claimant files are generally not secured in lockable cabinets, but are stacked around the offices in various locations. Access to welfare offices is not restricted. Many offices do not have instructions on how to dispose of documents containing personal information. The Department of Health and Human Services has not developed a consistent and comprehensive security program to be used by States in protecting beneficiary information.
The GAO recommended that the Secretary of Health and Human Services should formulate and establish a firm, consistent, and comprehensive security program for providing adequate protection of data shared with States and local entities. Also, the Secretary should, if deemed necessary, seek the advice of the Department of Justice to resolve any legal problems encountered in formulating and establishing such a program.