CHAPTER V

Privacy and Security

In its first report the panel emphasised the importance of privacy, security, and confidentiality for the millions of records of personal information that the SSA maintains, and it concluded:

    Respect for the right of clients to confidentiality and security of information needs to be assured in the basic architecture and design of the future SSA process. There is no way to achieve an acceptable level of privacy and security by adding features or techniques after the design is completed.

Privacy, security, and confidentiality are closely related concerns that can generally be distinguished as follows:

o Privacy--the protection afforded personal information to prevent injury or humiliation of individuals from its misuse or improper dissemination.

o Security--the protection of systems and information against damage, unauthorized divulgence, or denial of use by rightful owners.

o Confidentiality--the protection of sensitive information against access without proper authorization.

Thus, confidentiality characterizes the need for limitation of access to certain information, whereas computer security represents the physical, technical, and administrative means for providing protection and for controlling access. Informational privacy is a set of legislatively-based procedures that govern how personal information may be used.

The panel has observed in this review that the Office of Advanced Systems (OAS) has increased its emphasis on these matters significantly. Among other actions, the SSA has issued a good solicitation for technical support that has led to the selection of a support contractor well-versed and experienced in the field. Under the terms of the contract, a system-wide examination is being conducted that should lead to recommendations for a series of privacy/security/confidentiality controls at appropriate points throughout the future system. The panel concludes that beyond this important effort:

o The SSA should make its own judgment of the threats that the future system will face--e.g., physical destruction, electronic eavesdropping, employee fraud, unauthorized divulgence of information, willful modification of file entries, disruptive attacks, communications outages, machine malfunctions, and system malfunctions resulting from software errors. It should analyze the federal legislation and executive guidelines under which the future system will have to function, particularly the Privacy Act of 1974, the Freedom of Information Act amendments of 1974, and OMB Circular A-71 on Security of Federal Automated Information Systems, issued July 27, 1978.

o The SSA should then take into account the safeguards recommended by the contractor, enunciate a clear policy on access to and safeguarding of information, arrive at firm requirements for privacy/security/confidentiality controls, and incorporate such controls into its system requirements.

o The SSA should incorporate into its plans appropriate provision for a monitoring activity to ensure that RFPs reflect a determination about which controls and safeguards are considered essential, that proposals received in response to the design RFP are, in fact, responsive to privacy/security/confidentiality considerations, that the selected vendors implement effective controls, and that such controls are tested adequately throughout the system.

Subsequently, the SSA will have several tasks, including:

o Educating employees throughout the system about the concepts and techniques of security, privacy, and confidentiality.

o Training employees to ensure that the controls incorporated in the system design will be used properly.

o Creating a system security office to monitor the functioning of controls and safeguards throughout the system, to be the focal point for privacy/security/confidentiality matters both in policy and in daily operation of the system, to oversee the entire system from the privacy/security/confidentiality point of view, and to simulate penetrations of the system to test the efficacy and appropriateness of controls.

In seeking approval of its plans by internal and external reviewing officials and agencies, the SSA needs to be prepared to provide the rationale and the details of its program to ensure privacy, security, and confidentiality, because these three topics are of such fundamental and now widely recognized importance.