Safeguarding Beneficiary Information

As a representative payee, you maintain records containing personally identifiable information (PII). The Social Security Administration reminds you of your responsibilities to properly safeguard PII from loss, theft, or inadvertent disclosure. PII includes a person’s name, date of birth, Social Security Number, bank account information, address, health records, and Social Security benefit payment data.

Reminders:

  • Be familiar with security, privacy, and confidentiality practices.
  • Use beneficiary personal data only for purposes for which you have authorization.
  • Lock or logoff computer workstation/terminal prior to leaving it unattended. Act in an ethical, informed, and trustworthy manner.
  • Protect sensitive electronic records.
  • Be alert to threats and vulnerabilities to your systems.
  • Ensure that employee screening for sensitive positions within your organization has occurred prior to any individual being authorized access to sensitive or critical applications.
  • Avoid leaving paper documents containing personal data lying unprotected on desktops.

Managers should be alert to employees who fail to adequately safeguard PII by failing to secure it from theft, loss, or inadvertent disclosure.

The responsibility to protect PII applies at all times regardless of whether personnel are on duty at their duty station, another official work location, or an alternate duty station. Anyone not on duty still has the responsibility to secure any PII within their control.

We recommend that employees be required to have locking file cabinets or desk drawers for storage of confidential material.

Case files taken to an alternate duty station should be tracked to ensure their timely return to the office. Personnel should be required (e.g., through use of a locking device such as a briefcase or satchel) to ensure that all beneficiary personal records are safeguarded and protected from theft or damage while being transported.

Examples of Failing to Safeguard PII:

The following list provides examples of situations where PII is not properly safeguarded:

  • Leaving an unprotected computer containing beneficiary information in an non-secure space (e.g., leaving the computer unattended in a public place, in an unlocked room, or in an unlocked car);
  • Leaving an unattended briefcase containing beneficiary information in a non-secure area, including any place in the office;
  • Storing electronic files containing beneficiary information on a computer or access device (flash drive, CD, etc.) that other people have access to (not password-protected);
  • Working from home with a file containing PII, but not locking the file in a secure file cabinet when not being used.

This list does not encompass all failures to safeguard PII, but alerts employees to situations that must be avoided.

We must be vigilant in every way to make sure that an individual’s personal information remains secure. It is the responsibility of each of us to do all we can to maintain the security of the information entrusted to us by the American people.

Thank you for your help in this important matter.