June 23, 2011: Barton, Markey Query Social Security Administration on Personal Data Protections

WASHINGTON, D.C. – Congressmen Joe Barton (R-Tex.) and Edward J. Markey (D-Mass.), co-Chairmen of the House Bi-Partisan Privacy Caucus, sent a letter today to Social Security Administration (SSA) Commissioner Michael Astrue expressing concern that sensitive personal information may be vulnerable to unauthorized exposure due to a recently proposed policy that would make annual SSA earning statements available only online rather than through an annual statement mailing, as is current practice. A March 2011 SSA Inspector General report found that 26,930 people had their personally identifiable information “inadvertently exposed” from July 2006 to April 2010 through publication of the Death Master File (DMI). The report also revealed that SSA continued to publish the Death Master File with the knowledge its contents included “the personally identifiable information of living number holders.”
“Our concerns are heightened by evidence of an inadequate response to a serious security breach at the Social Security Administration,” said Reps. Barton and Markey. “If the Social Security Administration anticipates increased access of online account statements, it also must ensure appropriate safeguards are in place to protect sensitive personal information.”
In the letter, Reps. Barton and Markey ask Commissioner Astrue to respond to questions that include:

  • How does the Social Security Administration currently protect information collected and transmitted if individuals access Social Security account statements via the Social Security Administration website?
  • Does the Social Security Administration intend to provide additional protections moving forward?  If so, what protections will be provided, and on what timeline?
  • As the Social Security Administration implements its plans to move statements online, will it apply the recommendations made by the Inspector General in its report regarding the DMF breach?  If yes, how?
  • What has SSA done to close the security gaps in its management of the DMF that were identified by the Inspector General’s report?
  • In SSA’s current efforts to prevent any security breaches that could arise due to moving earning statements online, what kind of security measures are being used to prevent a breach in PII during the transition?

A full copy of the letter can be found HERE.