HUD recently released a Report evaluating its practices for identifying and protecting personally identifiable information (PII), and assessing and managing its information and record-keeping systems to ensure PII is properly maintained in paper and electronic forms in accordance with federally mandated records management requirements. The Report notes progress in modernizing HUD’s transition from paper-based to electronic record-keeping processes and addressing OIG privacy-related recommendations that had been open for several years, but also recognizes ongoing deficits in these and other areas. The Report provides a number of recommendations aimed at ensuring HUD meets its legal and regulatory obligations.
Among the key areas of deficit in managing its control of PII, HUD found that it was unable to verify its list of information systems, lacked comprehensive agency records inventories, and was not able to identify and track its PII. Additionally, the Report notes that HUD is at risk of not meeting key Federal records transition deadlines from paper to electronic recordkeeping and had critical records program governance weaknesses.
The Report notes that HUD manages more than one billion records containing the PII of individuals and, therefore, the required improvements are necessary and if not addressed, pose unacceptable risks to the Department and the public. Notable recommendations in the Report are that HUD (i) designate a senior agency official for records management at the Assistant Secretary level or its equivalent, (ii) update and issue formal agency records policy including detailed procedures and requirements for completing and maintaining program office and agency-wide inventories of systems, records and PII, and (iii) update and obtain final National Archives and Records Administration approval of all HUD records retention schedules to ensure compliance with all federal requirements.