“A U.S. Veterans Affairs (VA) Office of Inspector General (OIG) review found unrelated third-party names and social security numbers in a random sampling of Privacy Act responses completed by Records Management Center (RMC) staff.”
“In May 2016, the Veterans Benefits Administration (VBA) changed its Privacy Act release policy following an OIG counsel determining that ‘there was legal support for releasing unredacted records’ and that includes ‘the disclosure of third-party personally identifiable information (PII) in response to Privacy Act requests if VBA purposely included the information in the requester’s record.’”
“After a review of 30 random Privacy Act responses out of 65,600 requests that RMC staff completed from April 1, 2018 to Sept. 30, 2018. In 18 of those 30 responses, there were 1,027 third-party names and social security numbers.”
“’The review team determine disclosures under the May 2016 release policy raised legal concerns, and more importantly, put millions of people at risk of identity theft,’ the OIG report said…” Read the full article here.
Source: VBA Disclosed Third-Party PII to Privacy Act Requesters – By November 15, 2019. MeriTalk.