Summary: Pursuant to a legislative requirement, GAO provided information on: (1) the purposes and manner in which the information maintained in the Office of Child Support Enforcement's (OCSE) Federal Parent Locator Service (FPLS), including the Federal Case Registry of Child Supporters, the National Directory of New Hires, and the State Directory of New Hires had been used; and (2) whether these databases have adequate safeguards to protect the privacy of individuals.
GAO noted that: (1) the FPLS, including the National Directory and the Case Registry, is housed on the Social Security Administration's (SSA) mainframe computers at its national computer center in Baltimore, Maryland; (2) under the expanded FPLS, information transmitted from the state directories of new hires or from other state-maintained databases to the National Directory and the Case Registry will be automatically compared and matches provided to the appropriate state electronically; (3) according to OCSE officials, another use of the expanded FPLS is OCSE staff accessing it to assist states in their queries; (4) in addition, officials stated that information from the expanded FPLS is provided to other users--primarily SSA; (5) a SSA official told GAO that SSA uses information from the National Directory to determine if individuals who are receiving Supplemental Security Income have unreported income; (6) in addition to information from the expanded FPLS, states use their State Directory of New Hires to assist in child support enforcement; (7) according to officials in six states, information from their systems is used to send wage withholding notices to employers and, in most cases, update state child support case files; (8) updating case files assists caseworkers in locating parents, establishing paternity, and establishing or amending child support orders; (9) SSA, which houses the expanded FPLS, has known weaknesses in the security of its information systems; and (10) in November 1998, a public accounting firm under contract to SSA's Office of the Inspector General reported that SSA had made noteworthy progress in addressing information protection weaknesses raised previously but that SSA's systems environment remained threatened by weaknesses, including: (a) the entitywide security program and associated weaknesses in local area networks and distributed systems security; (b) mainframe security in controlling access to sensitive information; (c) physical access controls; and (d) the certification and accreditation of certain general support and major application systems.