Quad to Pay GPO $750K to Settle Allegations of Security Lapses
The list of alleged security violations is scary. An investigation by the Government Publishing Office's Office of Inspector General into one of its contractors, Quad/Graphics Inc., alleged that Quad:
- Allowed unauthorized employees who had not undergone required background checks to work on the contracts;
- Altered sign-in sheets to conceal the fact that the unauthorized employees had access to the secure work area;
- Failed to dispose of waste containing personally identifiable information according to GPO procedures; and
- Used malfunctioning security cameras to monitor production runs and the bale room.
These are the violations every organization risks when they send their secure printing to an outside provider rather than keeping it in-house at their own in-plant. When an organization's own employees are overseeing the security of its documents, they have a vested interest in being vigilant about data security and in following security procedures to the letter.
This security lapse has proved costly for Quad, which has agreed to pay $750,000 to the United States to resolve these allegations. Since January of 2013, the Sussex, Wis.-based company has been providing printing services under contracts with the GPO. These contracts involved the electronic receipt and printing of Social Security Administration forms that contain personally identifiable information, protected from disclosure under the federal Privacy Act and other laws. Under the contracts, the company was to meet security requirements involving the handling of documents with personally identified information, including the handling of waste.
The GPO Office of Inspector General investigated one of Quad's facilities in Chalfont, Pa. As a result of the investigation, the United States alleged the civil claims. In addition to the $750,000 payment, Quad/Graphics has agreed to a series of changes in the way it trains its employees on the handling of documents containing personally identifiable information and in the actual physical layout of its printing facility to maximize security of personal identification information.
The claims resolved by this settlement are allegations only, and there has been no determination of liability.
The settlement was the result of a coordinated effort among the Civil Division of the U.S. Attorney’s Office of the District of Columbia and the GPO Office of Inspector General. In announcing the settlement, U.S. Attorney Channing D. Phillips and Inspector General Michael A. Raponi commended the work of Special Agent Keith D. Olive, who investigated the case from the Inspector General’s Office, and Assistant U.S. Attorney Darrell C. Valdez of the U.S. Attorney’s Office.
“I commend the efforts of GPO’s OIG and the U.S. Attorney’s Office of the District of Columbia to resolve this matter,” says Davita Vance-Cooks, Director of the GPO. “I deeply appreciate the efforts of the OIG’s audits and investigative staffs to ensure the integrity and efficiency of GPO programs and operations and to safeguard the handling of documents containing personally identifiable information.”
