Census Bureau Mistakenly Reveals Personal Data On 302 Families
A file with personal data -- names, addresses, phone numbers, and income ranges -- on 302 families was posted on a public Web site.
The U.S. Census Bureau reported that it accidentally posted the personal information of 302 families on a public Web site.
A file containing the personal data was uploaded, along with 250 fictitious or test records, onto one of the agency's externally accessible servers, according to an advisory put out by the Census Bureau. For the 302 households, the file contained names, addresses, phone numbers, birthdates, family income ranges, and other demographic data. The bureau reports that no Social Security numbers were contained in the file.
The advisory notes that the mistake happened "multiple times" between October and February during the testing of new software. The problem was discovered on Feb. 15. The Web site where the information was posted is typically used to make large public use files available to census data users.
"As soon as we learned of the improper posting, we moved quickly to fix the problem. We immediately shut down the site and began an investigation," said Census Director Charles Louis Kincannon in a written statement. "We have an obligation to the public to be good stewards of personal data collected in our census and surveys. Protecting the confidentiality of personal information remains our highest priority. Thankfully, we know of no instances of respondent data being improperly used; however, we regret that the information was improperly posted and that our safeguards did not prevent this violation of agency policies."
Kincannon added that the bureau is strengthening its internal security procedures, and will be conducting further training on handling survey information and on telework practices.
Census law prohibits disclosure of sensitive data and the Census Bureau has policies protecting data, which includes prohibiting the uploading of data to any unsecured Web site, according to the advisory. Information placed on the agency's Web site is required to undergo a disclosure avoidance review to ensure that no confidential information is released. This process was not followed, the bureau reports.
The bureau's advisory also states that "appropriate administrative action" has been taken for the employees involved in the data leak. An investigation is pending. The case also has been referred to the Department of Commerce's Inspector General.
This isn't the first data problem for the Census Bureau. The Commerce Department reported
last September that between 2001 and the summer of 2006, 672 laptops, of which 246 contained some degree of personal data, went missing. The report also noted that 139 were either partially encrypted or had no encryption.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.