Funny story: I once worked at OPM as a GS civilian. I know a bit about this.
We were aware of shortcomings in PII use and protection - particularly with USAJOBS and USAStaffing (not on the SF-86/investigations side, done by FISD division). I tried to get senior leaders (GS-14, 15 and SES who ran USAJOBS in HCLMSA, a division which no longer exists) at OPM to better protect PII. They constantly skirted the issue and tried to do the least to make system adjustments.
At the time, OPM was using Monster.com website mechanics to underpin USAJOBS. Monster was the contractor who made USAJOBS for OPM. Congress was concerned because Monster.com had been hacked recently. OPM collected SSNs from all Fed applicants - even those who never got interviewed or hired for a job. That's just a huge database to try to protect. Over 40M Americans had a USAJOBS account - basically every able-bodied American age 20-40 had applied to join the government at some point. Anyway, Congress wanted OPM to better safeguard PII/SSNs. Congress told us they would happily fund the proposed system encryption enhancements, as long as OPM implemented them.
I convinced my SES at OPM that we should do more to encrypt and safeguard PII, particularly SSNs. We spoke with the SES div leaders around OPM. We pushed it up to the agency Acting Director. We got him on board. We proposed a new Presidential Executive Order. We got it signed by POTUS. It's E.O. 13478.
We took the signed E.O. back to those same recalcitrant GS-14s and 15s at OPM. We asked them to do more to safeguard PII, in compliance with the new E.O. They just stared at me blankly and said "That does not change anything. We aren't going to change how we collect and safeguard PII." So frustrating. To be fair, the E.O. had no teeth, so OPM just ignored it... even though OPM sponsored it.