11:44 AM

Census Bureau Mistakenly Reveals Personal Data On 302 Families

A file with personal data -- names, addresses, phone numbers, and income ranges -- on 302 families was posted on a public Web site.

The U.S. Census Bureau reported that it accidentally posted the personal information of 302 families on a public Web site.

A file containing the personal data was uploaded, along with 250 fictitious or test records, onto one of the agency's externally accessible servers, according to an advisory put out by the Census Bureau. For the 302 households, the file contained names, addresses, phone numbers, birthdates, family income ranges, and other demographic data. The bureau reports that no Social Security numbers were contained in the file.

The advisory notes that the mistake happened "multiple times" between October and February during the testing of new software. The problem was discovered on Feb. 15. The Web site where the information was posted is typically used to make large public use files available to census data users.

"As soon as we learned of the improper posting, we moved quickly to fix the problem. We immediately shut down the site and began an investigation," said Census Director Charles Louis Kincannon in a written statement. "We have an obligation to the public to be good stewards of personal data collected in our census and surveys. Protecting the confidentiality of personal information remains our highest priority. Thankfully, we know of no instances of respondent data being improperly used; however, we regret that the information was improperly posted and that our safeguards did not prevent this violation of agency policies."

Kincannon added that the bureau is strengthening its internal security procedures, and will be conducting further training on handling survey information and on telework practices.

Census law prohibits disclosure of sensitive data and the Census Bureau has policies protecting data, which includes prohibiting the uploading of data to any unsecured Web site, according to the advisory. Information placed on the agency's Web site is required to undergo a disclosure avoidance review to ensure that no confidential information is released. This process was not followed, the bureau reports.

The bureau's advisory also states that "appropriate administrative action" has been taken for the employees involved in the data leak. An investigation is pending. The case also has been referred to the Department of Commerce's Inspector General.

This isn't the first data problem for the Census Bureau. The Commerce Department reported last September that between 2001 and the summer of 2006, 672 laptops, of which 246 contained some degree of personal data, went missing. The report also noted that 139 were either partially encrypted or had no encryption.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.