U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.


We evaluated the U.S. Department of Housing and Urban Development (HUD) practices for identifying and protecting personally identifiable information (PII).  The evaluation assessed HUD’s current capabilities to properly manage and protect PII and to properly maintain paper and electronic PII records.  This evaluation was conducted in conjunction with the fiscal year (FY) 2019 Federal Information Security Act of 2014 (FISMA) evaluation 2019-OE-0002.

We determined that HUD had taken positive steps to improve its records management practices.  It had initiated modernization efforts to transition paper-based processes to electronic processes, begun addressing and closing OIG privacy-related recommendations that had been open for several years, and developed a formal communications plan to increase program awareness.  The records officer had increased and improved training for records specialists in program offices and was directing an extensive records inventory project.  However, HUD had not designated a Senior Agency Official for Records Management (SAORM) at the Assistant Secretary level as required by OMB, and was not meeting certain Federal requirements.  HUD was not able to identify and inventory all PII, or search for or track PII.  Recordkeeping practices and retention schedules were outdated, and HUD had not fully integrated the records program with risk management and information technology programs.

We provide nine new recommendations designed to address HUD’s most significant legal and regulatory obligations, along with other critical challenges laid out in this report.

Recommendation Status Date Issued Summary
2019-OE-0002a-01 Closed June 25, 2020 Designate a Senior Agency Official for Records Management at the Assistant Secretary level or its equivalent.
2019-OE-0002a-02 Closed June 25, 2020 Update and issue agency formal records policy, including detailed procedures and requirements for completing and maintaining program office and agencywide inventories of systems, records, and PII.
2019-OE-0002a-03 Open June 25, 2020 Update and obtain final NARA approval of all HUD records retention schedules, including the Capstone email schedule, to comply with Federal requirements, including OMB M-19-21.
2019-OE-0002a-04 Open June 25, 2020 Develop and approve an enterprise strategy to meet all M-19-21 electronic transition requirements.
2019-OE-0002a-05 Open June 25, 2020 Issue a formal policy and requirements for managing CUI.
2019-OE-0002a-06 Closed June 25, 2020 Establish and disseminate a policy on safeguarding or prohibiting the transportation of PII records out of the office for telework purposes.
2019-OE-0002a-07 Open June 25, 2020 Complete the development of performance measures and establish a formal records evaluation process to measure the effectiveness and progress of the records management program.
2019-OE-0002a-08 Closed June 25, 2020 Standardize processes and duties for all RMLOs.
2019-OE-0002a-09 Closed June 25, 2020 Conduct a staffing resource assessment for the HUD records program and identify any skills gaps or resource needs.