The Office of Economic Opportunity has built strong privacy protections into the Integrated Data System. These practices conform to the federal regulations that govern the confidentiality of education records and unemployment insurance information. OEO determines and authorizes "need to know" access to personal information. OEO also minimizes disclosure risk by anonymizing data when used for statistical research and applies disclosure control methods to tabulations and other output from studies before release.
Everyone working on the IDS, regardless of the access level granted to perform assigned duties, is required to pass a strict background check of state and federal criminal history records and to maintain a security clearance throughout the individual’s access period.
OEO restricts access to identifiable information to a small number of people who develop record linkages for subsequent statistical research.
OEO recognizes that compromised credentials are one of the most common causes of security breaches, Accordingly, OEO requires those operating or using the data system to use two-step identity verification that requires the use of tamper-resistant and phishing-resistant physical security keys for the second step in the verification process.
Through training, monitoring and reporting, OEO reduces the risk of intentional or unintentional misuse of privileges by authorized system operators and users.
Encryption is one of many techniques OEO uses to protect data when it is at rest and in transit. OEO encrypts data in storage using recommendations from the National Institute of Standards and Technology (NIST). OEO also protects data transmissions by encrypting data before transmission; verifying the source (either a person or process) and the destination; and checking that the data arrives unaltered.
Our mission is to maintain data security at all times. OEO continuously monitors the IDS data system and its environment using best-in-class tools. In partnership with industry experts and government agencies, OEO runs a comprehensive risk management program based on the NIST framework to proactively assess and mitigate risk to data system operations. This includes the implementation and periodic assessment of numerous safeguards and countermeasures designed to protect the data system.
Privacy Impact Assessment
A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information is collected, used, disseminated and maintained. It examines how an organization has addressed privacy concerns throughout the life cycle of the data system. OEO conducted a PIA when establishing the data system. OEO intends to update assessments under the following circumstances:
The technology using the data changes, even if the data remains the same.
The data system collects new data or revises the data it collects because of new partnerships or changes in regulations.
To ensure transparency and to help establish public trust in IDS operations, OEO publishes the results of the most recent PIA on this page.
Privacy Impact Assessment (PDF, 165KB, 14 pages)