“How Private Is It?”. Resources Learning Opportunities Reporting Policies and Procedures.


A client approaches a counter and asks for services. The clerk asks the client for basic information:

The process has begun

Hotline Call

The Investigation Begins

The Department of Human Services

Financial Assistance Division

The Financial Assistance Division administers many different financial assistance programs, most of which are financed by the federal and state government. The programs are targeted for families and individuals with incomes at or below the poverty level. Programs include: temporary, emergency or general assistance to needy families or indigents; grants for the disabled; food stamps; and Medicaid or refugee re-settlement.

The Process of Discovery

Conducted investigation interviews

Retrieved suspects' computer hard drives (DSS Commissioner Permission Required)

Requested SPIDeR Audit Trails (DSS – DIS, Information Security Unit – John Palese, Senior System Engineer)

Reviewed audit trails

The Discovery

SPIDeR – Systems Partnering in a Demographic Repository

The Violation

Worker uses SPIDeR to obtain information on citizens

Worker instructed by supervisor to obtain information on citizens

Supervisor takes information and calls APECS (child support) pretending to be a citizen

Violation & Crime

Discovery of other employee violations

The Outcome

Reported violation to police

Supervisor terminated

Employee resigns before termination

Contract worker terminated

Two employees suspended

Two employees received written counsel

A letter sent to the Commissioner of DSS

Privacy Policy

The Virginia Department of Social Services computer system, and component parts, contain privileged customer and government information. Access to information is restricted to the Department of Social Services authorized users.

Unauthorized access, use, misuse, or modification of the data or the system, or unauthorized printing or release of data, is a violation of Department policy. It is also a violation of Title 18, United States Code Section 1030. Violators may be subject to criminal and civil penalties, including but not limited to a fine of up to $5000 and/or 5 years in prison, as set forth in Title 26, United States Code Sections 7213 and 7431.

Other Laws

The Privacy Act of 1974

Virginia Code 2.2-3800–3803

Computer Invasion of Privacy Under the Virginia Computer Crimes Act

Information Technology Security Standard

Virginia Department of Social Services – Information Security Policy

Agencies Agreements

The Social Security Administration and the Commonwealth of Virginia

The Department of Motor Vehicles and the Virginia Department of Social Services

The Virginia Employment Commission and the Virginia Department of Social Services

Lack of public trust

Open to civil suits

Loss of database accesses

Loss of the ability to provide services to our citizens

Identity theft

Implement a stronger security training program

Implement random sampling of users

No tolerance policy – strong disciplinary action for violators

Educate the users

Require all staff to attend Ethics Training

Compliance with agreements

Audits