Supports all the wages, employment earnings, savings type data and other financial resources information that is needed to help determine the amount of Retirement, Survivor, or Disability benefits that staff may be entitled to receive or not receive. The overall accountability rating for this information classification is Moderate.
Confidentiality level = Moderate
The confidentiality impact level is based on the effects of unauthorized disclosure of income information on the ability of the organization to identify staff entitlements and obligations and to protect individuals against identity theft and the organization against fraud. Unauthorized disclosure of raw data and other source information for benefits determination and revenue collection operations is likely to violate the various state and international privacy laws and other regulations applicable to the dissemination of personal and organizational information. Unauthorized disclosure of centrally managed income information can have a serious adverse effect on organizational missions. Very large aggregate tort awards can result from large-scale disclosure of income information. Therefore, for entities that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate.
Integrity level = Moderate
The integrity impact level is based on the specific purpose to which income information is put; and not on the time required to detect the modification or destruction of information. In the case of very large data bases containing income information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits entitlements or liabilities (e.g., tax liabilities) of large numbers of individuals. This can result in at least short-term financial hardship for citizens. It can also be expected to result in very serious disruption of the organization operations due to large time and resource requirements for taking corrective actions. In such cases, the integrity impact level would be at least moderate.
Known mitigating factors toward changing the integrity level
In the case of smaller organizations, and where the information affected is limited to employees, the consequences may justify only a low provisional impact rating.
Availability level = Moderate
The availability impact level is based on the specific purpose to which income information is put; and not on the time required to reestablish access to the income information. Benefits determination and liability calculation (e.g., taxation) processes are generally tolerant of reasonable delays. In many cases, disruption of access to income information can be expected to have only a limited adverse effect on organizational operations, organizational assets, or individuals.
Known mitigating factors toward changing the availability level
In the case of very large data bases containing income information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements or liabilities (e.g., tax liabilities) of large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for staff and in serious disruption of the organization operations due to large time and resource requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.