A publishing company based in Wisconsin has agreed to pay $750 thousand in civil penalties to resolve claims arising from allegations that it sloppily complied with the terms of its Government, particularly requirements related to safeguarding personally identifiable information. These claims were only allegations and the contractor admitted no liability in paying the $750 thousand.
The company specialized in print solutions like retail inserts, publications, catalogs, direct mail, packaging, books, and directories. In 2013, the company received a contract from the GPO (Government Publishing Office) that involved printing forms for the Social Security Administration that contained personally identifiable information. The information was protected from disclosure under the Federal Privacy Act, among other laws. The contract called for the company to meet security requirements involving the handling of documents, including the handling of waste.
Somewhere along the line - we don't know if it was based on an audit of some kind or a whistle-blower - the GPO's Office of Inspector General got wind of an allegation that the contractor was not complying with some of the security requirements. The allegations included failing to dispose of waste according to GPO procedures (did they dump social security numbers in the dumpster?), used malfunctioning security cameras to monitor production, and allowed unauthorized employees who had not undergone required background checks to work on the contract access to the facilities. The contractor exacerbated the situation by altering sign-in sheets to conceal the fact of unauthorized access of secure facilities.
In addition to the $750 thousand find, the contractor now has to send its employees through remedial training on handling documents containing personally identifiable information and in the actual physical layout of its printing facility to maximize security of personal identification information.
This incident underscores the seriousness with which the Government ensures that information remains private. You can read the Justice Department's press release here.