Accountability for Defense Security Service Assets With Personally Identifiable Information

The management at the Defense Security Service (DSS) and personnel concerned with property accountability should read this report because it discusses accountability for assets that contain personally identifiable information (PII) and the requirements for reporting unauthorized disclosure of PII. D...

Full description

Saved in:
Bibliographic Details
Main Authors: Granetto, Paul J, Prinzbach, II, Robert F, Caprio, Kimberley A, Papas, Patricia A, Ragsdale, Rhonda L, Goldberg, Robert P, MacAttram, Andrew R, Palmer, David A, Jackson, Antwan, Seebacher, Bridgette A, Cruz-Freire, Marlene
Format: Report
Language:English
Subjects:
ACCESS
ACCOUNTABILITY
AUXILIARY
CLEARANCES
CONTRACTORS
DEFENSE SYSTEMS
DSS(DEFENSE SECURITY SERVICE)PII(PERSONALLY IDENTIFIABLE INFORMATION)
FUNCTIONS
GOVERNMENT EMPLOYEES
Information Science
INFORMATION SECURITY
Logistics, Military Facilities and Supplies
PERSONNEL MANAGEMENT
RISK
SECURITY
TRANSFER
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The management at the Defense Security Service (DSS) and personnel concerned with property accountability should read this report because it discusses accountability for assets that contain personally identifiable information (PII) and the requirements for reporting unauthorized disclosure of PII. DSS provides the Secretary of Defense, DoD Components, and Defense contractors security support services. In February 2005, DSS transferred responsibility for the personnel security investigation function to the Office of Personnel Management (OPM), along with 1,567 DSS employees. The former Director of DSS also transferred common access cards (CACs), safes, laptops, and auxiliary hard drives to OPM. DSS management in place during the transfer of the personnel security investigation function to OPM created a lack of accountability for assets, posing an undue risk of compromising PII for military, civilian, and contractor employees who were investigated for personnel security clearances between 1997 and 2005. Through substantial efforts of its current management, DSS located and confirmed by unique identifier 308 of an estimated 501 initially unaccounted-for laptops. DSS obtained additional information demonstrating reasonable assurance that the remaining 193 laptops did not leave control of Government personnel; therefore, PII contained on the laptops is not at risk. Although DSS has accounted for the 501 initially unaccounted-for laptops, the initial listing of 501 laptops was not accurate. Additional laptops may still need to be accounted for. DSS demonstrated to the Defense Privacy Office that there was no indication the unaccounted-for laptops had left the control of Government personnel. Based on the information provided by Defense Security Service, the Defense Privacy Office concluded that the risk of unauthorized disclosure of PII was not high enough to warrant public notification. Consequently, DSS did not issue a public notification. Although the Defense Privacy O