Control Over the Use and Protection of
Social Security Numbers by Federal Agencies


February 14, 2003
Audit Report No. 03-012

Summary

The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) completed an audit of the controls over the use and protection of Social Security Numbers (SSN) by the FDIC. We conducted the review based on congressional interest regarding the widespread sharing of personal information and occurrences of identity theft. The Chairman, Subcommittee on Social Security, House Ways and Means Committee, asked the President's Council on Integrity and Efficiency (PCIE) to review federal agencies' methods for disseminating and controlling SSN data that they collect from third parties. The FDIC OIG, as a member of the PCIE participated in the audit.

The objective of this audit was to assess the adequacy of FDIC's control over the use and protection of SSN information. In conducting the audit, we focused on SSN information of non-employees such as depositors, debtors, and loan guarantors that was obtained from failing financial institutions insured by the FDIC.

We concluded that third-party access to and use of SSN and other personal information was not adequately controlled and monitored.

Recommendations

We made recommendations to the Director, Division of Resolutions and Receiverships, to better safeguard SSN and other personal information maintained in the Receivership Liability System and the Consolidated Asset Systems Modernization Project/National Asset Inventory Systems.

Management Response

DRR's responses to the recommendations were considered adequate.

This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of this report.

Last Updated 1/9/2004