Justice and Law Enforcement:

State Field Offices Are Not Protecting Social Security Beneficiary Information From Potential Abuse and/or Misuse

HRD-81-151: Published: Sep 30, 1981. Publicly Released: Oct 19, 1981.


Office of Public Affairs
(202) 512-4800

GAO reviewed the extent of protection over social security beneficiary information given to the States.

GAO found that personal beneficiary data supplied to the States are generally not being adequately protected. For example, data in claimant files are not being controlled by State offices. Access to claimant files by employees in State welfare offices is unlimited and is not on a need-to-know basis. Log-out and log-in procedures are not being used to identify the location of a file during processing. Photocopy machines are not usually secured during nonworking hours. An employee or an outside intruder could select claimant files, copy the desired information in the files, and remove it from the office without anyone noticing. Claimant files are generally not secured in lockable cabinets, but are stacked around the offices in various locations. Access to welfare offices is not restricted. Many offices do not have instructions on how to dispose of documents containing personal information. The Department of Health and Human Services has not developed a consistent and comprehensive security program to be used by States in protecting beneficiary information.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: The Secretary of Health and Human Services should formulate and establish a firm, consistent, and comprehensive security program for providing adequate protection of data shared with States and local entities. Also, the Secretary should, if deemed necessary, seek the advice of the Department of Justice to resolve any legal problems encountered in formulating and establishing such a program.

    Agency Affected: Department of Health and Human Services

    Status: Closed

    Comments: Please call 202/512-6100 for additional information.

    Jul 9, 2014

    May 14, 2014

    Apr 30, 2014

    Mar 26, 2014

    Jan 13, 2014

    Dec 9, 2013

    Dec 6, 2013

    Nov 20, 2013

    Oct 29, 2013

    Sep 25, 2013

    Looking for more? Browse all our products here