Statistics bureau will post no data before its time

The Bureau of Labor Statistics this month decided to suspend the posting of some
economic data on its Web site until it can create new posting rules.


Although security was the driving force behind the decision, it is not hackers BLS is
concerned about. The problem is mistakes by the bureau’s own employees.


The decision came after a BLS blunder Nov. 4 that resulted in the posting of sensitive
employment data on the bureau’s Web site a day and a half before the data was
scheduled for release. The mistake sparked a miniature bond rally as investors traded on
the information.


“A staff member thought that clearance had been given to place the files
containing the data onto a BLS internal server. This task was executed without recognition
that the action would prompt the system to load the files immediately on to the
public-access Web site,” BLS commissioner Katharine G. Abraham said.


Although BLS has rigorous procedures for placing its publications and time-specific
data on the Web, it had not applied these procedures to supplementary materials, although
some of this data is just as sensitive, Abraham said.


“BLS has allowed each data program office to design procedures for loading its own
supplemental data and technical materials to a server that is linked to the BLS Web
site,” she said.


Not anymore. Abraham directed all BLS offices to cease loading supplemental materials
onto its Web site “until such time as our procedural safeguards can be reviewed and
strengthened.”


BLS expects this to take at least two weeks, probably longer. Anyone can still get the
data, but they must request it directly from BLS and have it either faxed or mailed to
them.


Abraham has also initiated a review of every process connected with the posting of data
to the Internet and asked the Labor Department’s inspector general to help the bureau
review all activities associated with data dissemination, including fax and other methods.


Placement of BLS publications and time-specific data is already automated, BLS
spokeswoman Kathy Hoyle said. The information cannot be loaded onto the Web except by
information technology personnel, and this data is only sent to them after it has been
fully reviewed, Hoyle said.


Other agencies contacted said they use similar safeguards to avoid data being
erroneously placed on the Internet. At the Environmental Protection Agency and the
Securities Exchange Commission, only the IT staff can load anything on to the Web sites.
 

inside gcn

  • Phishing

    Phishing is still a big problem, but users can help shrink it

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group