State welfare agencies receive millions of personal files on individuals from the Social Security Administration and other federal agencies, but do an extremely poor job of safeguarding the information from prying outsiders, according to an unreleased report by the General Accounting Office.

In many cases, a GAO survey showed, the files were so poorly protected that janitors, landlords or even outsiders could simply walk in and take them or make copies and walk out with them. One welfare office employe sold unshredded personal records of clients for scrap paper--with his superior's permission--to supplement his income.

The report, prepared for Sens. Orrin G. Hatch (R-Utah) and Max Baucus (D-Mont.) and Rep. Charlie Rose (D-N.C.), said SSA and other agencies supply welfare offices with information such as an individual's address, employer, ownership of a house, car, life insurance and other property, names of relatives, amount of welfare benefits, race, national origin, Social Security benefits, health care information, and some information from tax and veteran's benefit files. The states use the information to administer a variety of welfare progams.

The states also get information from the Railroad Retirement Board, state tax departments, motor vehicle bureaus, state agencies that administer job-placement and unemployment insurance, insurance companies, credit bureaus, banks, landlords, credit bureaus and courts and police.

Many states consolidate this into a single file on an individual that can be fed back to the federal government, and to state welfare agencies, hospitals and other medical providers for billings, courts, district attorneys, probation departments, mental health centers and the like.

The GAO report said SSA and the Health Care Financing Administration, which runs the Medicaid and Medicare programs for the Health and Human Services Department, exchange 70 million personal beneficiary files with state governments annually. In many cases, a GAO survey showed, personal files on individuals were so poorly protected that janitors, landlords or even outsiders could simply walk in and take them or make copies and walk out with them.

But the GAO said its visits to 80 state welfare offices in 14 states with nearly half the nation's welfare caseload revealed that:

* "Data in claimant files" was "not being controlled by state offices. Access to claimant files by employes is unlimited and is not based on the 'need-to-know.' "

* "Photo-copy machines are not usually secured during non-working hours. An employe or an outside intruder could select claimant files, copy the desired information and remove it from the office without anyone noticing."

* "Claimant files are generally not secured in lockable cabinets, but are stacked around the offices in various locations during working and non-working hours."

* "Access to welfare offices is not restricted. Most offices are leased and the landlords generally retain the keys; in addition, persons providing janitorial services also have keys." One landlord routinely opened and closed the welfare office daily while employes weren't present, and thus had complete access to all documents.

* Microfilm copies of some personal files were left at the receptionist's desk, untended, for many periods during a day.

* File cabinets were often left unlocked both during the day and at night, and employes often were not subject to security or reference checks.

* Many offices were extremely careless in discarding old files. Some files were simply thrown unshredded in trash cans or dumpsters. In one office, GAO inspectors found in one wastebasket next to a copier a complete profile of one beneficiary, a report of "Confidential Social Security Benefit Information," an electric bill, and a food stamp eligibility worksheet with earnings of the individual listed.

* ". . . Copies of computer printouts containing personal information were found stacked in hallways outside offices, on loading platforms and in dumpsters located in parking lots." In another case, the GAO said, a newspaper reported that hundreds of client records less than a year old were accidentally placed on the sidewalk outside the building by maintenance personnel.

* In one office, an employe had received permission to sell computer printouts for scrap paper to supplement his personal income. The printouts were not mutilated before they were given to the employe and officials did not know who was buying the printouts.

The GAO said the inherent dangers to privacy in such collection and careless handling of information needed to be countered by having HHS "establish a firm, consistent and comprehensive security program In one office, an employe had received permission to sell computer printouts for scrap paper to supplement his personal income. The printouts were not shredded and officials did not know who was buying the printouts. for protecting data supplied to state and local entities." The GAO said that so far, HHS "has not formulated a consistent and comprehensive security program for the protection of data given to the states."

Jim Brown, press spokesman for the Social Security Administration, said in response, "If there is evidence, and we will investigate ourselves, then we will take what steps are necessary to ensure that the states are living up to the letter and spirit of the Privacy Act in their handling of any information we share with them."