Contact: Ruth Cymber
Public Information Office
(301) 763-3030 (phone)
(301) 763-3762 (fax)
(301) 457-1037 (TDD)
WASHINGTON — The Census Bureau today reported that a file containing limited respondent information on 302 households, commingled with fictitious test records, was improperly posted on one of the agency’s externally accessible servers in violation of strict agency policies regarding the protection of respondent information. The file was immediately removed. No Social Security numbers were contained in the files and the Census Bureau has no evidence that any respondent data were misused.
“As soon as we learned of the improper posting, we moved quickly to fix the problem. We immediately shut down the site and began an investigation,” said Census Director Charles Louis Kincannon. “We have an obligation to the public to be good stewards of personal data collected in our census and surveys. Protecting the confidentiality of personal information remains our highest priority. Thankfully we know of no instances of respondent data being improperly used; however, we regret that the information was improperly posted and that our safeguards did not prevent this violation of agency policies. A breach of this kind is unacceptable and we are committed to providing the highest level of public service. We are strengthening our internal procedures to further safeguard our data to prevent a recurrence.”
On Feb. 15, 2007, the Census Bureau discovered that the file, containing records from 302 actual households commingled with 250 fictitious or test records, had been uploaded onto one of the agency’s externally accessible servers. For the 302 households, the file contained names, addresses, phone numbers, birthdates, family income ranges, and other demographic data. There were no Social Security numbers contained in the file. The information was posted multiple times between October and February to test new software applications. This site is typically used to make large public use files available to census data users.
Once the improper posting was discovered, the file was immediately removed. The generally public nature of the information, and the commingling of data and test records indicated that it is unlikely the downloaded information would be useful to the casual user or someone with malicious intent. The Census Bureau is notifying the respondents and offering credit-monitoring assistance.
Census Law prohibits disclosure of sensitive data and the Census Bureau has strict policies protecting data including prohibiting the uploading of data to any nonsecured Web site. Information placed on the agency’s Web site is required to undergo a disclosure avoidance review to ensure that no confidential information is released. This process was not followed.
Appropriate administrative action regarding those employees involved has been taken pending the investigation. Once the investigation is concluded, a determination will be made as to appropriate personnel action. The Census Bureau has also referred the matter to the Department of Commerce’s Inspector General. Additional training on the proper handling of Title 13 survey responses and the Census Bureau’s telework policies will be conducted.