Federal organizations have a fundamental responsibility to protect the privacy of individuals and their personally identifiable information (PII) that is collected, used, maintained, shared, and disposed of by agency programs and information systems. The management of U.S. Department of Housing and Urban Development (HUD) programs demands the availability and use of extensive amounts of financial, demographic, and personal information. HUD is entrusted with the PII of millions of individuals. Its compromise would result in considerable inconvenience and financial hardship for these individuals. A compromise may also lead to a lack of trust, and unwillingness by external parties to share personal information with the agency, thereby jeopardizing HUD’s ability to complete its mission.

Concern for the security of personal information on Federal systems has intensified with recent large-scale compromises of such information. Federal agencies have more responsibility than ever for ensuring proper enterprise information security to address the growing threat of cyberattacks and data breaches. A critical component in each Federal agency’s cybersecurity capability is the agency’s privacy program. The privacy program must ensure that 1) adequate safeguards are in place to correctly manage and protect sensitive information and mitigate risks and 2) privacy implications are thoroughly considered in all business and operational decisions.

Congress and relevant oversight entities have established many requirements for proper stewardship and security of PII by Federal agencies. We conducted this evaluation to assess HUD’s compliance with Federal guidance and the overall effectiveness of its privacy program.

The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.  Please contact the Office of Evaluations at [email protected] to request a copy of this report.