» This Story:Read +|Watch +| Comments
Fed Page   |   E-Mail Newsletter  Fed Insider E-Mail   |    RSS   |   Column Archive

Commerce Dept. slow to notify employees of security breach

Discussion Policy
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.
Wednesday, January 27, 2010

Why did it take the Commerce Department so long to notify employees that their personal information, including Social Security numbers, had been let loose on the Internet?

This Story

On Monday, employees were informed by letters mailed to their homes about "a breach of protocol involving your Personally Identifiable Information (PII), including your Social Security number (SSN) and name."

The breach occurred on Dec. 4 -- more than seven weeks before workers were told. It took Commerce nearly four weeks to prepare the letter, which was dated Dec. 31.

The department took action to protect the information within hours of the breach, an official said. The delay in notification, however, was a bit harder to explain.

The letter was not written until officials gained information about the breach through the investigative process, said the official, who did not speak for attribution. Once the letter was written, it apparently got caught in a backlog of mail to be sent to employees, including W-2 income tax forms.

That's not the kind of explanation employees find comforting.

According to the letter, "a Department of Commerce employee inadvertently transmitted over the Internet a file containing the PII of Commerce employees to other Department employees. Although the Department employees were authorized to send and receive the PII, the transmission of the PII over the Internet in unencrypted form may have compromised your name and SSN."

The letter urged workers to contact credit reporting agencies in an attempt to prevent the opening of fraudulent accounts in their names.

"When I contacted the three credit reporting services this morning," said one employee who did not want to be identified for fear of reprisals, "I felt like it was too little and too late."

Bracing for retirements

Administrative law judges are not a big group, but they may be like the canary in the coal mine when it comes to federal employee hiring and retirement issues.

The federal workforce is bracing for a potential wave of baby-boomer retirements, and ALJs provide a stark indication of what could lie ahead.

There are only about 1,400 judges spread across 25 federal agencies, with the Social Security Administration employing three-quarters of them. Judges resolve disputes involving federal agencies and individuals or other parties over such things as entitlement to benefits, licensing, regulations and contracts.

The flow of their work could be disrupted by a potential wave of retirements. Just more than half the ALJs were eligible for retirement in September 2008. By 2013, almost 80 percent will be, the Government Accountability Office said in a new report.

"ALJ agencies could face skill and competency gaps unless ALJ agencies and [the Office of Personnel Management] take concerted action to assure that, in the face of significant retirement eligibility, the ALJ agencies have developed ALJ hiring and succession plans," the GAO said.

Whenever the vacancies occur, new hires will be needed to fill them. ALJs, unlike most federal employees, are hired from a central register maintained by the Office of Personnel Management.

OPM Director John Berry has suggested using that process for other positions that are found in many agencies, such as lawyers and accountants. Should he proceed with that move, the GAO report provides some lessons.

Though Social Security officials said they are very pleased with the quality of their ALJs, they also said there should be "more flexibility" in the hiring process "in order for them to appoint candidates that best meet their agency-specific needs," the GAO said. "According to SSA officials, OPM uses a one-size-fits-all approach in establishing its register of candidates."

OPM responded that candidates with certain expertise "would not produce a better cadre of ALJs. In OPM's view, the most important characteristic that ALJs need is the ability to master lots of facts, rather than specialized knowledge."

No matter the hiring process, one federal employee wants to make sure it's not a biased one. For more than 15 years, Cassandra Menoken has charged OPM with discrimination against African Americans in the hiring of ALJs, in a case that now is in the U.S. Court of Appeals.

Menoken is a lawyer with the Equal Employment Opportunity Commission, but filed the lawsuit in her private capacity. Her basic complaint is that OPM "never fully complied with an [EEOC] order that required it to 'cease' and correct examination scoring practices that discriminated against African American ALJ applicants."

Menoken is appealing a U.S. District Court ruling in favor of OPM. She is fighting the agency's contention that she has no evidence to back her case.

Links to the Commerce Department letter and the GAO report can be found with this column at http://www.washingtonpost.com/fedpage.



» This Story:Read +|Watch +| Comments
© 2010 The Washington Post Company