The agency leading the governmentwide charge toward economical open-office layouts has failed to follow procedures for securing sensitive and confidential documents and property, the General Services Administration’s inspector general found.
A report released Thursday based on unannounced after-hours inspections of GSA’s cutting-edge, renovated headquarters at F Street Northwest in Washington detailed “physical control weaknesses in securing sensitive information” covered by the Privacy Act and the Trade Secrets Act as well as weaknesses in securing “highly pilferable government-furnished personal property” such as laptop computers and identity badges. The report comes about one year after GSA moved into the remodeled space.
The sensitive documents left out or in unlocked drawers overnight included employee performance reviews, building blueprints, and, in one instance, a Federal Acquisition Service Technical Evaluation Board report titled “Source Selection Information,” found in the chief information officer’s office. Also found left unsecured were documents containing an employee’s Social Security number.
GSA has taken great pride in its open office set-up that conserves space by relying on sharing of desks and conference rooms as well as telecommuting and mobile technology.
A check with Federal Protective Services by the IG revealed that in the past year there were five reported thefts at the GSA Central Office, two of which were thefts of GSA property.
In conducting the after-hours inspections, IG forensic auditors tested for unlocked offices, cabinets, safes and lockers, while also searching personal workspaces, supply centers and trash bins. They used “professional judgment” as to whether any document or item merited removal for safekeeping. One employee whose laptop the IG staff confiscated explained the next day that “both personal possessions and GSA property did not fit into an assigned locker; therefore, the employee had decided to secure personal belongings”—pairs of shoes-- in the locker, the report said.
The illustrated report noted that GSA requires extensive training of employees in open-office security practices such as locking up at night, and it regularly reminds staff of the new requirements in memos and blogs.
The watchdog recommended that GSA managers and supervisors enforce GSA policies and procedures for safeguarding private and sensitive information as well as valuable property; routinely monitor for security compliance by employees and contractors; and assess the adequacy of secure storage space.
GSA officials agreed with the findings. “We understand that an open, mobile office may present new challenges to how we secure our space,” wrote Chief of Staff Adam Neufeld in an Oct. 10 letter to the IG. To date, he wrote, managers have sent 10 emails to staff, posted 14 articles on GSA’s internal website, and held online staff conversations on the problem. GSA has also placed new posters and signage around the building, including 200 placards now displayed at workstations, stressing security procedures.
(Image via yuki33 / Shutterstock.com)