Report of Investigation Regarding the 2019 Clearinghouse Data Breach

Date Issued

Friday, September 25, 2020

Submitting OIG

Consumer Product Safety Commission OIG

Other Participating OIGs

Consumer Product Safety Commission OIG

Agencies Reviewed/Investigated

Consumer Product Safety Commission

Report Number

20-ROI-01

Report Type

Investigation

Agency Wide

Yes

Number of Recommendations

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
3	No	$0	$0
Complete and publish a document describing lessons learned after the BRT completes its work related to this breach.
22	No	$0	$0
Annually update and require refresher training for all Clearinghouse staff on the use of the data extraction tool and policies and procedures for accomplishing Clearinghouse work, up to and including the AED for EPHA.
23	No	$0	$0
Develop, disseminate, provide training, and implement policies and procedures on how to use this new data extraction tool to all Clearinghouse staff, up to and including the AED for EPHA. These policies must include step-by-step instructions and checklists to aid staff in completing routine tasks. These policies must include guides and checklists for supervisory review of Clearinghouse staff work.
32	Yes	$0	$0
Determine, document, and implement a structure for the Clearinghouse.
35	No	$0	$0
Implement the recommendations from the Human Resources study.