Weaknesses in Census Bureau information security could compromise the confidentiality and integrity of the agency’s survey data, according to a report released Wednesday by Congress’s auditing department.
The analysis from the Government Accountability Office said many of the problems relate to the controls that regulate who and what can access the bureau’s systems.
In addition, the GAO found that the bureau had not securely configured and properly encrypted key communication systems.
The GAO also determined that the bureau failed to provide key personnel with contingency plans relating to use of emergency power, fire suppression and storing backup copies of data at a secured offsite location.
“Without an effective and complete contingency plan, an agency’s likelihood of recovering its information and systems in a timely manner is diminished,” the report said.
The GAO made 115 recommendations for enhancing the Census Bureau’s information-security program, but only 13 of those appeared in the audit, due to concerns about revealing sensitive information.
The audit took place between January 2012 and January 2013.
The Department of Commerce, which oversees the Census Bureau, “expressed broad agreement” with the GAO report and said it would work to identify the best way to address the GAO’s recommendations, according to the audit.
But a spokesperson for the bureau said Friday that the report “portrays greater vulnerability than in fact exists.”
Since the audit started, the agency has replaced outdated systems and implemented a new information-technology strategy consistent with the most stringent standards of the National Institute of Standards and Technology, the spokesperson said.
“The vulnerabilities identified in the GAO report were, in our view, internal, focused primarily on the threat from Census Bureau users within the firewall,” the spokesperson said. “We take that threat seriously, and those users are audited continuously.”
Federal law prohibits the Census Bureau from disclosing private questionnaire information such as names, phone numbers, addresses, and Social Security numbers.
Employees who deal with the confidential data must take an oath to uphold the law, and they are subject to a fine of $250,000 and up to 5 years of jail for violating the pledge, according to the agency.
The bureau transfers its survey results to microfilm before destroying the original questionnaires. Individuals and their heirs or legal representatives can obtain that information for proof of age or residence.
Copies of census schedules from 1790 through 1940 are available at the National Archives, online and at various libraries throughout the country, but federal law requires subsequent records to be closed to the public for 72 years to protect the confidentiality of the information.