1. News & Issues
Robert Longley

GAO Finds Holes in Census Information Security

By February 27, 2013

Follow me on:

The U.S. Census Bureau may not be as capable of protecting the privacy of your census information as it promises, according to a new report from the Government Accountability Office (GAO).

Specifically the GAO reported finding that the Census Bureau's information systems and networks are "pervaded" by multiple security control weaknesses, "thereby jeopardizing the bureau's ability to sufficiently protect the confidentiality, integrity, and availability of its information and systems."

As a result, wrote the GAO, the Census Bureau can offer only "limited assurance" that its information handling - and sharing - systems are adequately protected against unauthorized "access, use, disclosure, modification, disruption, or loss." Ouch!

This has to be troubling news for the Census Bureau, which depends so heavily on the public's trust of confidentiality. While responding truthfully to the census is require by law, many people resist doing so, because they fear their information will not be kept secret.

Also See: Why the Census is Important to You

As it often stresses, the Census Bureau is banned by federal law from disclosing private information requested on any of their various questionnaires like names, addresses, and Social Security and phone numbers.

Census Bureau employees who violate their required oath of confidentiality face fines of $250,000 and up to 5 years of jail.

But far beyond the control of most Census Bureau employees, weaknesses in how the bureau regulates and controls access to information systems jeopardizes its promise of confidentiality.

"Without adequate controls over access to its systems, the bureau cannot be sure that its information and systems are protected from intrusion," stated the GAO's analysis.

The GAO also found the Census Bureau has not created adequate contingency plans for recovering from events that typically result in loss of data, such as power failure and fires by storing backup copies at secured offsite locations.

"Without an effective and complete contingency plan, an agency's likelihood of recovering its information and systems in a timely manner is diminished," the GAO report said.

Of the 115 recommendations for improvement made by the GAO -- only 13 of which were made public for personal information security reasons - the Census Bureau's parent agency, the Department of Commerce, "expressed broad agreement" with the report and said it would "work to identify the best way to address" the recommendations.

Also See:
Census Must Change, Director Says
How Much Did Census 2010 Cost?
Now Much More Will Census 2020 Cost?

Comments

March 3, 2013 at 9:12 pm
(1) Concernicus says:

The article mentions giving the census your SS number. Why?

I always fill out my census form and mail it in. Did not ever giving them my SS number. If it was one of their special suveys and they asked for my SS number, I would refuse. I follow the law and fill out the census form. Giving them my SS number is not part of the law.

March 4, 2013 at 6:01 am
(2) usgovinfo says:

@Concernicus: Until enactment of a final rule in 2010, SS numbers were required in many of the Census Bureau’s business and economic censuses and surveys. So, they have many SS numbers on file.

Robert Longley

Leave a Comment


Line and paragraph breaks are automatic. Some HTML allowed: <a href="" title="">, <b>, <i>, <strike>

©2014 About.com. All rights reserved.