Summary

The Social Security Administration (SSA) is responsible for making correct and timely payments to individuals entitled to benefits under social insurance and welfare programs and for providing support functions for the medicare program. These programs generate millions of records on workers and beneficiaries that are maintained in automated data banks and files.

Personal files within the data system contain valuable private information that is necessary to support present and future social security benefits. SSA uses a vast computerized telecommunications network to process its workload and to handle inquiries from the public. The telecommunications system contained certain security weaknesses: the ability to create as well as query beneficiary files from most terminals, failure to use audit trail features within the system, failure to always lock terminals during nonworking hours, and unlimited unrestricted access to terminals. Files containing personal data on beneficiaries such as earnings records, financial status, and medical evaluations were not being properly safeguarded from potential loss, destruction, abuse, or misuse. SSA had not issued guidelines or criteria for establishing physical security measures at field offices and had not determined if adequate security was provided in the handling of information by States in administering welfare programs and by insurance companies in administering medicare.