Accountability for Defense Security Service Assets With Personally Identifiable Information

Abstract

The management at the Defense Security Service (DSS) and personnel concerned with property accountability should read this report because it discusses accountability for assets that contain personally identifiable information (PII) and the requirements for reporting unauthorized disclosure of PII. DSS provides the Secretary of Defense, DoD Components, and Defense contractors security support services. In February 2005, DSS transferred responsibility for the personnel security investigation function to the Office of Personnel Management (OPM), along with 1,567 DSS employees. The former Director of DSS also transferred common access cards (CACs), safes, laptops, and auxiliary hard drives to OPM. DSS management in place during the transfer of the personnel security investigation function to OPM created a lack of accountability for assets, posing an undue risk of compromising PII for military, civilian, and contractor employees who were investigated for personnel security clearances between 1997 and 2005. Through substantial efforts of its current management, DSS located and confirmed by unique identifier 308 of an estimated 501 initially unaccounted-for laptops. DSS obtained additional information demonstrating reasonable assurance that the remaining 193 laptops did not leave control of Government personnel; therefore, PII contained on the laptops is not at risk. Although DSS has accounted for the 501 initially unaccounted-for laptops, the initial listing of 501 laptops was not accurate. Additional laptops may still need to be accounted for. DSS demonstrated to the Defense Privacy Office that there was no indication the unaccounted-for laptops had left the control of Government personnel. Based on the information provided by Defense Security Service, the Defense Privacy Office concluded that the risk of unauthorized disclosure of PII was not high enough to warrant public notification. Consequently, DSS did not issue a public notification. Although the Defense Privacy O

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 24, 2008
Accession Number
ADA499430

Entities

People

  • Andrew R. Macattram
  • Antwan Jackson
  • Bridgette A. Seebacher
  • David A. Palmer
  • Kimberley A. Caprio
  • Marlene Cruz-freire
  • Patricia A. Papas
  • Paul J. Granetto
  • Rhonda L. Ragsdale
  • Robert F. Prinzbach Ii
  • Robert P. Goldberg

Organizations

  • Office of the Inspector General, U.S. Department of Defense

Tags

Communities of Interest

  • Biomedical
  • Human Systems
  • Weapons Technologies

DTIC Thesaurus Topics

  • Accountability
  • Acquisition
  • Business Administration
  • Computers
  • Computing Devices
  • Department Of Defense
  • Department Of Veterans Affairs
  • Governments
  • Information Systems
  • Life Cycles
  • National Security
  • Personnel Management
  • Security
  • Task Forces
  • Training
  • Unauthorized Disclosure
  • United States

Readers

  • Cybersecurity.
  • Defense Financial Management and Audit.