Information required to determine the need for representative payees and the data that is gathered to make the determination of who should serve as the representative payee for all beneficiaries of organizational benefits who are unable to manage their own funds. The overall accountability rating for this information classification is Moderate.
Confidentiality level = Moderate
The confidentiality impact level is based on the effects of unauthorized disclosure of representative payee information on the ability of the organization to determine that entitlement funds are being used appropriately for the well being of entitled individuals - and to protect individuals against identity theft and the organization against fraud. Unauthorized disclosure of data for representative payee operations is likely to violate the various state and international privacy laws and other regulations applicable to the dissemination of personal information. Unauthorized disclosure of centrally managed representative payee information can have a serious adverse effect on organizational missions and on large numbers of individuals. Great hardship for individuals and very large aggregate tort awards against the organization can result from large-scale disclosure of representative payee information. Therefore, in the case of large representative payee information databases, the provisional confidentiality impact level can be expected to be at least moderate.
Integrity level = Moderate
The integrity impact level is based on the specific use of the payee information and not on the time required to detect the modification or destruction of information. In the case of very large databases containing representative payee information relating to staff and/or clients, there is a significant probability that erroneous actions will be taken affecting the benefits payments to large numbers of individuals. This can result in at least short-term financial hardship for our most vulnerable staff and/or clients. Loss of integrity can result in serious disruption of the organization operations. In such cases, the integrity impact level would be at least moderate.
Known mitigating factors toward changing the integrity level
In the case of fraudulent diversion of payments intended for particularly dependent individuals, there can be life-threatening consequences. In such cases, a high integrity impact rating may be justified.
Availability level = Moderate
The availability impact level is based on the specific use of the representative payee information and not on the time required to reestablish access to the representative payee information. Benefits payment processes are not necessarily tolerant of delays. In many cases, disruption of access to representative payee information can be expected to have a very serious adverse effect on individuals.
Known mitigating factors toward changing the availability level
In the case of very large data bases containing representative payee information relating to staff and/or clients, there is a significant probability that processing delays will affect the benefits payments to large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for some individuals and in serious disruption of organizational operations. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.