A new GAO report shows the bureau continuing to struggle with privacy and data security issues.
The U.S. Census Bureau was already having a hard time implementing the first digital decennial count of the population. The coronavirus pandemic is making things worse and has resulted in a new group within the organization to do quality assurance on the enumeration data, according to the Government Accountability Office.
“In response to operational and schedule changes, in April the Bureau stood up a 2020 Data Quality Executive Governance Group to provide guidance on data quality efforts and to facilitate the work of various new and ongoing working groups related to data quality,” reads the GAO’s most recent report on Census activities. “According to the Bureau, these efforts will identify new ways to assess and ensure quality, both during and after data collection.”
The Census Bureau has been on the GAO’s high-risk list since 2017, and with four “priority recommendations”—ones which could realize large dollar savings or otherwise significantly improve government operations and therefore deserve the attention of department heads—still not implemented, remains there today.
The results of the high-stakes count are used to inform how congressional districts are drawn and how budgets should be spent.
At the end of April, the bureau still had 234 open plans of actions and milestones for mitigating cybersecurity risks at the “high” and “very high” levels, according to the report.
The Commerce Department has agreed with GAO’s recommendations, the watchdog says, and notes that Census has made progress in completing their remediation plans by deadlines they established for doing so.
“In February 2020, the Bureau reported that it is taking steps to more actively manage overdue POA&Ms and has made progress in closing them,” GAO wrote. “For example, the Bureau reduced the number of open ‘high’ and ‘very high’ risk POA&Ms delayed past their completion dates from 128 in April 2019 to 98 in April 2020.”
And according to the report, the bureau was making progress toward implementing its information technology development and testing schedule. Enter COVID-19 and the bureau’s suspension of activities as the world grappled to prioritize public health.
“As of April 2020, the assistant director for decennial Census programs, systems and contracts stated that the Bureau was continuing to assess the risks associated with the COVID-19-related schedule changes to the implementation of IT, including the number of enumerator handheld devices expected to be available and the significant contract support required to conduct the 2020 Census,” the report reads.
While the majority of the count is happening online, staff is still needed to follow up in-person with segments of the population not digitally captured. Census has ordered a total of half a million handheld devices for staff to use in the process to make up for the lost time. They’ll need additional testing, the official said.
The role of the new governance group will be to ensure data quality under compressed timeframes.
In the report, GAO reviewed the Census Bureau’s statutory obligation to protect the privacy of respondent data and a controversial practice known as differential privacy.
The idea is that by slightly fudging the publicly available numbers from the count, maleficent actors will be less able to piece together which information belongs to which individual by combining the Census data with other sources of publicly available data into a revealing mosaic.
The report did not mention whether the new governance group would have a part in deciding whether the Census Bureau should use differential privacy.
Some observers have expressed concerns that collectively, tweaking the numbers in this way can lead to under or overcounting minority groups.
The Census Bureau has taken public comment on the issue and is set to make a decision on the use of differential privacy by January 2021, GAO reports.