While the IG’s office at OPM has been focused lately on the massive cyber thefts of personal information from personnel and security clearance records under the agency’s responsibility, it also has looked into a more prosaic loss of personal information.
The IG recently reported results of investigations including one into an allegation that OPM’s retirement services branch caused a breach of personally identifiable information when a teleworking employee failed to put retirement case files in a locked container for transport from OPM headquarters to the employee’s home.
According to the report, the employee was using a rental car at the time, a file fell out onto the floor, and the employee returned the car without realizing the file was there.
The rental car company then contacted the annuitant, who in turn contacted the retirement services branch.
The IG reported that it “made three recommendations to Retirement Services for improving their policies and practices related to the control, security, and accountability of Pll, focusing on procedures for telecommuting employees who transport cases to and from [the headquarters building] on a regular basis.”
