U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Document

We evaluated the U.S. Department of Housing and Urban Development (HUD) practices for identifying and protecting personally identifiable information (PII).  The evaluation assessed HUD’s current capabilities to properly manage and protect PII and to properly maintain paper and electronic PII records.  This evaluation was conducted in conjunction with the fiscal year (FY) 2019 Federal Information Security Act of 2014 (FISMA) evaluation 2019-OE-0002.

We determined that HUD had taken positive steps to improve its records management practices.  It had initiated modernization efforts to transition paper-based processes to electronic processes, begun addressing and closing OIG privacy-related recommendations that had been open for several years, and developed a formal communications plan to increase program awareness.  The records officer had increased and improved training for records specialists in program offices and was directing an extensive records inventory project.  However, HUD had not designated a Senior Agency Official for Records Management (SAORM) at the Assistant Secretary level as required by OMB, and was not meeting certain Federal requirements.  HUD was not able to identify and inventory all PII, or search for or track PII.  Recordkeeping practices and retention schedules were outdated, and HUD had not fully integrated the records program with risk management and information technology programs.

We provide nine new recommendations designed to address HUD’s most significant legal and regulatory obligations, along with other critical challenges laid out in this report.

Recommendations

Office of Administration

  •   2019-OE-0002a-01

    Closed on August 27, 2021

    Designate a Senior Agency Official for Records Management at the Assistant Secretary level or its equivalent.

  •   2019-OE-0002a-02

    Closed on August 27, 2021

    Update and issue agency formal records policy, including detailed procedures and requirements for completing and maintaining program office and agencywide inventories of systems, records, and PII.

  •   2019-OE-0002a-03

    Update and obtain final NARA approval of all HUD records retention schedules, including the Capstone email schedule, to comply with Federal requirements, including OMB M-19-21.

  •   2019-OE-0002a-04

    Develop and approve an enterprise strategy to meet all M-19-21 electronic transition requirements.

  •   2019-OE-0002a-05

    Issue a formal policy and requirements for managing CUI.

  •   2019-OE-0002a-06

    Closed on August 27, 2021

    Establish and disseminate a policy on safeguarding or prohibiting the transportation of PII records out of the office for telework purposes.

  •   2019-OE-0002a-07

    Complete the development of performance measures and establish a formal records evaluation process to measure the effectiveness and progress of the records management program.

  •   2019-OE-0002a-08

    Closed on August 27, 2021

    Standardize processes and duties for all RMLOs.

  •   2019-OE-0002a-09

    Closed on August 27, 2021

    Conduct a staffing resource assessment for the HUD records program and identify any skills gaps or resource needs.