EDD Continues to Put Its Disability and Unemployment Claimants at Risk of Identity Theft by Printing SSNs on Mailed Documents
State entities have a responsibility to protect personal information, but EDD continues to put some Californians at risk of identity theft by mailing documents to claimants that include their full SSNs. As we note in the Introduction, state law protects individuals’ right to privacy and declares that there should be strict limits on the dissemination of personal information. EDD’s information security policies for its staff and data systems are generally consistent with federal and state requirements. For example, one of EDD’s information security and privacy policies allows system access only to staff who have signed confidentiality statements and received information security and privacy awareness training. However, we have concerns about EDD’s practice of mailing documents containing SSNs to individuals because doing so puts those individuals at risk of identity theft. State law allows EDD to print SSNs on mailed documents under certain circumstances. Further, in limited instances it may be necessary for EDD to communicate with a claimant specifically about the claimant’s SSN. Nonetheless, we identified no federal or state law that expressly requires EDD to print SSNs on documents that it mails to claimants. During our audit period of 2015 through 2018, EDD mailed millions of documents annually to claimants that included their full SSNs.
Our review determined that at least half of the mail pieces Disability and Unemployment sent to claimants from EDD’s mailing facility in fiscal year 2017–18 included full SSNs. Although EDD sends hundreds of different types of documents, we reviewed 21 forms and notices that together accounted for more than 70 percent of the metered mail that Disability and Unemployment sent to claimants from EDD’s mailing facility in fiscal year 2017–18. The forms and notices included documents that EDD used to notify claimants of their potential benefit awards, to collect on benefit overpayments, and to verify that claimants were still eligible for benefits. The 21 documents all contained personal information, and 14—including 11 high‑volume documents—contained full SSNs. Based on these high‑volume documents alone, we estimate that EDD sent more than 17 million pieces of mail containing full SSNs in fiscal year 2017–18. Because EDD may send a single claimant multiple pieces of mail that include SSNs, EDD likely sent these 17 million pieces of mail containing SSNs to a total of more than a million Disability and Unemployment claimants.
In response to legislative concerns regarding its use of SSNs, EDD has undertaken efforts since 2015 that have reduced the amount of mail containing full SSNs that it sends annually to claimants by at least 10 million pieces of mail, as Figure 2 shows. Specifically, following a letter from an assemblymember in July 2015 that urged EDD to redact SSNs from mailed correspondence, EDD reviewed its documents and removed SSNs when it determined it could do so without impacting program efficiency or without first creating a unique identifier to replace the SSNs. For example, EDD removed some SSNs from one high‑volume document that we reviewed, and it also removed SSNs from other forms and notices, according to documents that EDD management provided. After another legislator’s office contacted EDD in late 2017, EDD reevaluated its documents in early 2018 and removed SSNs from some additional documents, including one notice it mails when it processes electronic payments for Disability claimants.
EDD Removed SSNs From Certain Documents That It Mails Millions of Times Each Year, But Its Claimants Are Still at Risk of Identity Theft
Source: EDD’s mailing facility reported volumes, analysis of EDD’s timelines and the efforts it made to remove full SSNs from its documents, and interviews with EDD staff.
* Volumes are for documents that EDD reported sending from its mailing facility in fiscal year 2017-18. The volumes above are based on our selection of 21 Disability and Unemployment documents.
EDD missed an opportunity in 2015 to remove SSNs from at least one high‑volume document from which it subsequently removed SSNs in its later efforts. EDD’s goal in 2015 was to conduct a full inventory of documents with SSNs and remove SSNs wherever possible, according to the deputy director of EDD’s Policy, Accountability, and Compliance Branch. However, an EDD administrator initiated an IT service request to remove SSNs from a high‑volume document in 2015 that EDD did not change until 2018. Even then, EDD removed SSNs from only two of the three locations where they appeared on that document: EDD replaced the final SSN with a program‑specific unique identifier in January 2019. EDD management indicated that EDD did not remove SSNs from that document in 2015 because the document was already scheduled to be changed in conjunction with an enhancement project for one of EDD’s systems, and that EDD decided to remove SSNs from the document in 2018 due to delays associated with the enhancement project. Nevertheless, EDD mailed the document with full SSNs more than four million times annually from fiscal years 2015–16 through 2017–18.
Despite its efforts to remove SSNs from mailed documents, EDD has continued to put its claimants at risk of identity theft, and claimants have expressed concerns with EDD’s inclusion of SSNs on documents. EDD could not provide a precise number of claimants who have raised concerns about SSNs on its documents because of limitations of its data, but we identified 50 such complaints that claimants made through EDD’s website from 2015 through October 2018. We include a selection of these complaints in Figure 3, along with EDD’s responses to the complaints. Although EDD reduced the amount of mail it sends that includes SSNs, its efforts did not decrease the number of Disability and Unemployment claimants who receive that mail: EDD still mails every Disability and Unemployment claimant documents containing full SSNs. Further, EDD has continued to send millions of mailings each year that contain SSNs. Until EDD discontinues its use of full SSNs as unique identifiers on documents that it mails to claimants, it will not have fully responded to legislative concerns and its claimants’ concerns, or addressed the risk that it may inappropriately disclose claimants’ information.
Claimants Have Expressed Concerns to EDD About Its Inclusion of SSNs on Documents It Mails
Source: Examination of complaints from EDD’s database of electronic communications with claimants.
EDD Exposed Some Claimants’ Personal Information
Several of the security incident reports that we reviewed from 2015 through 2018 showed that EDD exposed nearly 300 claimants to the risk of identity theft when it inappropriately disclosed their notice‑triggering information—including SSNs—to others. Although the number of affected claimants that we identified is small relative to the millions of documents that EDD mails to claimants, such disclosures could have a significant impact on those affected claimants if they were to become victims of identity theft. A bulletin from the U.S. Department of Justice indicated that an individual who suffers from identity theft could experience out of pocket financial losses and emotional distress—additional burdens for those who may already be facing financial hardship due to disability or unemployment. As EDD itself includes in the notification letters it sends to claimants when it compromises their personal information: the disclosure of this information poses a possible risk of identity theft. EDD’s notification letters also identify steps that claimants can take immediately to protect their identities, such as reporting the potential identity thefts to all three of the major credit bureaus. According to the deputy director of EDD’s Policy, Accountability, and Compliance Branch, EDD is not aware of these incidents resulting in the theft of any claimant’s identity. Nevertheless, these security incidents demonstrate how mailing documents containing SSNs poses a tangible risk to claimants.
In two of those security incidents, EDD inappropriately disclosed a total of more than 100 claimants’ personal information, including SSNs, to other individuals because of problems at its mailing facility. The first incident occurred in September 2015 when EDD believed that it included multiple claimants’ documents in envelopes that it sent to other claimants. EDD staff discovered the error when a machine operator completing the second portion of the print job determined that 33 documents were unaccounted for. Because EDD was unable to determine whose information it inappropriately disclosed, its security incident report shows that EDD notified more than 3,800 claimants that their SSNs and other personal information might have been compromised. The second incident occurred in April 2016 and involved the mailing facility printing double‑sided documents that it should have printed single‑sided. EDD assumes that more than 90 claimants received the full name, mailing address, and SSN of other claimants printed on the reverse side of their own documents. The report describing this incident indicates that EDD sent 188 letters notifying claimants of the printing error.
In other incidents that we reviewed, EDD disclosed the SSNs and other personal information of more than 150 claimants. The single incident affecting the most individuals occurred in April 2015 when an EDD staff member inadvertently sent three bundles of Disability claim documents intended for the document and information management center to the home of a former employee. In responding to this specific incident, EDD sent 112 notification letters to claimants indicating that it released information that may have included full names, addresses, driver’s license or California identification numbers, SSNs, phone numbers, employer names, and medical or health insurance information. Other incidents that we reviewed involved fewer disclosures and occurred due to human error, such as incorrectly inputting information in EDD’s IT systems. For example, in October 2017, an EDD staff member was working on two different sessions in one of EDD’s systems and unintentionally entered data on the wrong claim. The error led EDD to send a document with a claimant’s full name and SSN to an unauthorized recipient. We obtained evidence as recent as March 2018 demonstrating that staff have continued to incorrectly enter claimant information into EDD’s systems, causing exposure of claimants’ personal information to others.
EDD’s Reasons for Continuing to Print Full SSNs on Documents It Mails to Claimants Do Not Outweigh the Associated Risks
EDD has offered a number of reasons for including full SSNs on documents that it mails to claimants, but these reasons do not outweigh the risks of identity theft when alternatives to using SSNs exist. For instance, EDD referenced legal requirements to justify its inclusion of SSNs on mailed documents. Federal law requires states to use SSNs when verifying eligibility for unemployment insurance benefits. In addition, federal law requires EDD to administer Unemployment in such a manner as to pay benefits promptly and properly and to enable it to associate claimants’ records with their SSNs. Federal law also requires EDD to include sufficient information in certain notices to claimants to enable those claimants to understand EDD’s determinations and its reasons for denying or approving benefits. Further, although state law generally prohibits mailing SSNs to individuals, it allows EDD to mail SSNs when state or federal law requires it to do so or to include SSNs in applications and forms to verify the accuracy of an SSN or to establish, amend, or terminate an enrollment process or account. However, while we understand that in limited instances it may be necessary for EDD to communicate with a claimant specifically about that claimant’s SSN, none of these laws expressly require that EDD print SSNs on documents that it mails to claimants. In fact, several federal agencies have established specific practices to reduce or eliminate using SSNs, as we discuss in the Introduction.
The chief of Unemployment’s Policy and Integrity Section (Unemployment section chief) explained that EDD prints SSNs on documents that it mails to claimants to ensure that it can process those documents if it receives them back. For instance, after claimants return certain forms to EDD, one of its systems scans the forms’ SSNs to issue automated benefit payments or to provide other appropriate services. These forms accounted for at least seven million mailings to claimants that contained full SSNs in fiscal year 2017–18. EDD also takes specific actions when it has been unable to deliver certain documents, and it relies upon SSNs to take those actions because of the limitations of its current systems. For example, one of Unemployment’s notices informs claimants of their ineligibility for benefits and their right to appeal EDD’s determination. If the postal service returns that document to EDD as undeliverable, Unemployment uses the SSN to locate the corresponding claim in its systems and record the document as undelivered so it can attempt to reissue the document. According to the Unemployment section chief, this ensures the claimant’s access to due process and ability to appeal. However, EDD has included SSNs in these instances because of its own limitations: it has not yet implemented another method to guarantee that it can reliably locate claimants in certain systems it uses. As we discuss later, we found other methods that EDD could use for this purpose instead of printing full SSNs on documents it mails to claimants.
Disability and Unemployment division chiefs also stated that including SSNs on certain documents allows claimants to verify the accuracy of their SSNs, but printing SSNs on these documents for verification purposes is redundant. Disability and Unemployment claimants provide their SSNs to EDD when they apply for benefits, and EDD then mails the claimants to verify that it correctly received and processed their SSNs. Of the 11 high‑volume documents with full SSNs that we reviewed, three were documents on which EDD asked claimants to verify the accuracy of their SSNs. However, EDD already uses other methods to ensure that claimants’ SSNs are accurate. Unemployment verifies SSNs with the Social Security Administration before asking claimants to verify the same SSNs on mailed documents, and both Disability and Unemployment have procedures to request supporting documentation from claimants if they need to further verify claimants’ SSNs. Moreover, EDD already sends Disability and Unemployment claimants documents that include their wages—the basis for the amount of benefits they receive—to help ensure that EDD has processed their information correctly. Other state workforce agencies have taken advantage of this logic: Washington’s Employment Security Department includes wages but not SSNs on the verification notice it mails to claimants, and the Texas Workforce Commission verifies wages and uses truncated SSNs on documents that it mails to claimants.
EDD Could Implement Interim Measures to Protect Claimants’ Privacy While Awaiting IT Modernization
As we previously describe, EDD removed SSNs in January 2019 from a document that it mails about four million times each year. However, EDD does not currently have a short‑term plan for removing SSNs from the other high‑volume documents that we reviewed, which it mailed at least 13 million times in fiscal year 2017–18. Rather, it intends to incorporate a unique identifier as part of its modernization project, and this will allow it to remove SSNs from these remaining documents, according to EDD’s planning documents and its modernization project director. Nevertheless, EDD’s planning documents and vendor responses to a December 2017 Request for Information indicate that EDD will not complete the modernization project before September 2024—at least another five and a half years. Disability and Unemployment management assert that EDD does not plan to implement any interim solutions to remove SSNs from the high‑volume documents that we reviewed, but we identified a number of different actions it could take to ensure that it protects claimants’ privacy in the short term.
EDD considered replacing SSNs in its existing systems with an alternative unique identifier, but it sought approval for the modernization project instead because it believed its current systems were not fiscally sustainable beyond 2020. According to the IT branch deputy director, the modernization project—which will require fully replacing EDD’s aging IT infrastructure with a unified system—is EDD’s preferred solution for implementing an alternative unique identifier. The IT branch deputy director asserted that incorporating a unique identifier into EDD’s current systems would significantly delay its ability to make progress with its modernization project. She further stated that under the current systems, altering the documents that EDD sends to claimants requires significant programming effort.
EDD’s current plan for implementing the modernization project will enable it to replace SSNs on mailed documents, but it will also delay removing SSNs from the high‑volume documents that we reviewed for several years. According to the IT branch deputy director, EDD cannot provide a precise timeline for the implementation of the modernization project because the project is in its nascent, planning stages. To improve the success of the State’s IT projects, state policy generally requires agencies to participate in a project approval lifecycle that the California Department of Technology (Technology) established. EDD’s planning documents for the modernization project show that EDD began early market research in support of the first stage of a project approval lifecycle in fiscal year 2015–16. It has since hired staff, diverted resources, and obtained approval for two budget change proposals of more than $4 million each to support its planning effort. EDD’s planning documents dated January 2017 further show that EDD proposed a total planning cost of $47.3 million for the project. Based on its most recent planning documents, EDD anticipates that it will award a contract to begin building and implementing the modernization project in September 2022, as we show in Figure 4. EDD’s most recent planning documents and vendor responses to its December 2017 Request for Information indicate that it will not fully implement the modernization project until at least September 2024. However, historically, it has not been uncommon for state IT projects to take longer than expected to complete.
EDD’s Modernization Project Will Take Years to Implement While Claimants’ SSNs Remain Vulnerable
Source: Analysis of EDD’s modernization project planning documents, other information provided by EDD, and EDD’s mailing facility volumes.
* EDD provided this estimated date in September 2018.
Given the timeline for when EDD plans to complete its modernization project, we believe an interim solution to remove or replace SSNs on its remaining documents is warranted: the inappropriate disclosure of claimant information that we previously discuss demonstrates the tangible risk to claimants’ privacy if it does not act sooner. We identified possible solutions that EDD could use to replace full SSNs on each of the documents that we reviewed. Figure 5 highlights these solutions and EDD’s estimates of the costs and time needed to implement them. EDD’s estimates indicate that each solution in Figure 5 would take two to four years with costs ranging from $2.9 million to $26.3 million to implement. We did not audit EDD’s estimates for implementing the solutions we proposed, but those estimates indicate that it could implement these solutions before it completes its modernization project. We asked EDD to confirm that it may be able to replace SSNs on certain high‑volume documents even earlier than its overall estimates suggest—such as by prioritizing three documents that accounted for nearly 10 million of the 13 million mailings that we mention earlier. In response, an IT branch division chief indicated that there are many variables associated with programming, testing, and production, and that it was too early to determine an implementation approach for the documents. Nevertheless, we believe that EDD should strongly consider prioritizing changes to its highest‑volume documents to more quickly minimize the risk of disclosing personal information belonging to the claimants it serves.
EDD Could Take Interim Actions to Replace Remaining SSNs on Its High-Volume Documents
Source: Analysis of EDD documents, estimated costs and timelines that EDD provided, and interviews with key EDD staff.
Notes: The costs and timelines are based on the high-volume Disability and Unemployment documents that we reviewed. EDD provided the estimates of costs and timelines. EDD stated that its estimates include costs associated with Technology’s project approval lifecycle requirements and that implementation costs for some options could be lower if Technology opts to waive the project approval lifecycle requirements or delegate the solutions to EDD for management oversight.
Because of the sensitive nature of one of these solutions, we provided EDD an explanation of how it could implement the proposed solution in a separate confidential management letter.
* This solution would likely provide only partial coverage—roughly 43 percent—of the 13 million documents containing SSNs that we discuss in the Audit Results.
† According to an IT branch division chief, the overall time to implement this solution may be shorter because EDD could potentially overlap some technical changes involved in both truncating SSNs and enhancing system search functionality.
The IT branch deputy director expressed concerns about the limited funding and resources available to implement our proposed solutions, given the volume of projects and the competing priorities and requirements that EDD handles. Even so, the IT branch deputy director said that EDD undertook certain efforts in 2015 and 2018 to reduce its use of SSNs on mailed documents without requesting additional funding from the Legislature. The deputy director provided estimates that attribute roughly $1.5 million in IT costs to those efforts. EDD should assess the costs and benefits of implementing one or more of the solutions that Figure 5 describes, and it should determine whether it needs to request additional funding to do so.
One of the solutions we proposed involves replacing full SSNs with a modified unique identifier. This solution could address the high‑volume documents that we reviewed that still contain full SSNs. Further, EDD management stated that of the solutions we proposed, this option would be the least disruptive to its existing automated systems, policies, and program procedures. They indicated that EDD supports this proposed solution compared to the others we identified.
EDD did express concerns about one of the other solutions that we proposed. This solution involves truncating SSNs on certain documents that EDD mails to claimants, as well as enhancing search functionality in some of its systems. Some of EDD’s systems currently allow staff to search for claims using names, full addresses, and full SSNs, but this solution would allow EDD to process documents using partial identifying information such as the last four digits of claimants’ SSNs. The Unemployment section chief stated that EDD would not be able to guarantee it could match each piece of undelivered mail with a specific claim using this solution and that processing claims using truncated SSNs would take longer because staff would need to use additional search functions. According to the Unemployment section chief, Unemployment’s workload is such that even a one‑minute delay in processing a claim can affect its ability to provide timely benefit payments. However, EDD could not quantify how often it might encounter multiple claimants with the same information, and it did not provide specific time or cost estimates for staff to add names and partial addresses to their searches. The Unemployment section chief also stated that Unemployment does not track the amount of undelivered mail that it receives back. Further, at least one other state’s workforce agency stated that it prints truncated SSNs on all documents requiring an SSN field that it mails to claimants, and that it locates claims using information such as names, addresses, and truncated SSNs.
In addition to the high‑volume documents that we reviewed, we identified low‑volume documents that EDD mails to claimants that include full SSNs. EDD does not mail large quantities of these documents; however, these documents still create a risk of identity theft. After EDD addresses its high‑volume documents, it should evaluate the extent to which it can also replace full SSNs on these other documents. EDD’s estimates of the costs and time needed to implement the solutions in Figure 5 are based on only a selection of documents, but those solutions can apply to other documents that EDD mails to claimants that contain full SSNs, including its low‑volume documents.
We also identified several types of personal information other than full SSNs that EDD has mailed to claimants, including phone numbers, employment histories, and dates of medical treatments. As we note in the Introduction, state law declares that the maintenance and dissemination of personal information should be subject to strict limits and also requires that agencies maintain only personal information that is relevant and necessary to accomplish specific required or authorized purposes. EDD has a policy to limit its collection of personal information and protect the personal information it collects and maintains, which it uses for purposes such as determining claimants’ eligibility for benefits, conducting fraud prevention activities, and reporting information to federal entities. However, EDD’s 2015 and 2018 efforts to remove SSNs from its documents did not evaluate the necessity of collecting and disseminating other types of personal information.
More recently, EDD has taken steps to formalize its processes for reviewing documents that contain personal information. In late 2018, EDD established a committee initially consisting of representatives from its director’s office and certain branches to oversee its use of personal information on its documents. The committee’s guidelines describe steps the committee can take to limit EDD’s inclusion of personal information on its mailings. Although the guidelines currently state that the committee will meet as necessary to review new or revised documents only, EDD provided us with a meeting agenda from February 2019 that incorporates the guidelines into a recently developed plan to review all existing documents. The plan includes prioritizing high‑volume documents and documents that contain personal information. EDD should implement its plan for reviewing new, revised, and existing documents to ensure it eliminates any unnecessary uses of personal information and fully protects its claimants’ privacy.
EDD Has Not Offered Claimants an Alternative to Receiving Mailed Documents That Include SSNs
Absent interim action, EDD’s claimants have no other option but to receive at least some mailed documents containing SSNs. EDD documents indicate that it implemented partial online claimant self‑service functionality for its Disability system in 2012, and its Unemployment system in 2015. Collectively, the online systems allow some claimants to file claims, access claim information, manage their accounts, and specify a preference for electronic or hard copy communication. Neither online system, however, allows claimants to opt out entirely from receiving mailed documents—many with full SSNs—even if the claimants indicate a preference for electronic communication. EDD’s records show that in late 2018, about half of the nearly 1.7 million users who had registered to use the online Disability or Unemployment systems indicated their preference to receive emails from EDD. Nevertheless, EDD includes disclaimers on its website indicating that claimants will still receive some documents through the mail.
The online systems allow claimants to receive certain documents electronically. For instance, Unemployment’s system allows claimants to file online the continued claims form—a high‑volume document that EDD requires Unemployment claimants to submit every two weeks to certify for continued claim benefits. In fact, shortly after implementing the system, EDD documents mention that EDD changed the system default to electronic certification of continued claim benefits for all new registered users. The implementation of the online system has therefore reduced the amount of continued claim forms that EDD mails to claimants, and EDD asserts that claimants increasingly use its electronic certification channels. In addition, the chief of Disability’s Central Office Division stated that EDD intends to provide a paperless communication option for additional documents, including one high‑volume document that contains an SSN. However, because other documents that EDD sends to claimants are not available online, it continues to mail claimants documents that contain SSNs.
The option to indicate a preference for online communication has led some claimants to express confusion about the capability of EDD’s online systems to fully replace mailed documents. In our review of complaint data, we found that EDD received complaints from claimants who were concerned about receiving mailed documents even though they had selected a preference for electronic communication. It appears that some of these claimants believed that they could opt out entirely from receiving mailed documents. State law does require EDD to either mail or personally serve certain documents to claimants, but it is not always necessary for EDD to print SSNs on those documents when it mails them to claimants. The fact that EDD does not currently offer a means for claimants to opt out entirely from receiving mailed documents, which could help minimize unauthorized disclosures of personal information in mailed documents, points to the need for EDD to take additional action in the near term to reduce the risk of inappropriately disclosing SSNs.
Because other state agencies may mail full SSNs to Californians, and because this practice—regardless of the agency involved—exposes individuals to the risk of identity theft, the Legislature should amend state law to require all state agencies to develop and implement plans to stop mailing documents that contain full SSNs to individuals by no later than December 2022, unless federal law requires the inclusion of full SSNs. To ensure that state agencies sufficiently prepare to implement this new law, the Legislature should also require that, by September 2019, they submit to it a report that identifies the extent to which their departments mail any documents containing full SSNs to individuals.
If any agency determines that it cannot reasonably meet the December 2022 deadline to stop including full SSNs on mailings to individuals, the Legislature should require that, starting in January 2023, the agency submit to it and post on the agency’s website an annual corrective action plan that contains, at a minimum, the following information:
- The steps it has taken to stop including full SSNs on mailed documents.
- The number of documents from which it has successfully removed full SSNs and the approximate mailing volume that corresponds to those documents.
- The remaining steps that it plans to take to remove or replace full SSNs it includes on mailed documents.
- The number of documents and approximate mailing volume that it has yet to address.
- The expected date by which it will stop mailing documents that contain full SSNs to individuals.
Finally, if a state agency cannot remove or replace full SSNs that it includes on documents that it mails to individuals by January 2023, the Legislature should require the agency to provide access to and pay for identity theft monitoring for any individual to whom it mails documents containing SSNs.
To reduce the risk of identity theft for its claimants before it completes its modernization project, EDD should, by December 2021, implement one or more of our proposed solutions or another viable solution to discontinue its use of full SSNs as unique identifiers on all documents that it mails to claimants. Further, it should prioritize addressing documents with the highest mail volumes, and it should make changes to these documents by March 2020. When providing us with the status of its implementation of this recommendation at 60 days, six months, and one year after the issuance of this report, and annually thereafter, EDD should note which documents it has addressed since the release of our report, how it has addressed them, and the dates by which it expects to address the remaining documents containing full SSNs that it mails to claimants.
To ensure that it eliminates any unnecessary uses of personal information in its external communications and to ensure that it fully protects its claimants’ privacy, EDD should, by May 2019, implement its recently developed plan for reviewing new, revised, and existing documents. EDD should provide documents to us indicating the progress it has made to implement this recommendation at 60 days, six months, and one year following the release of this report. Finally, it should, by December 2021, complete its full review of existing documents and remove any unnecessary instances of personal information.
We conducted this audit under the authority vested in the California State Auditor by Government Code section 8543 et seq. and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives specified in the Scope and Methodology section of the report. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
ELAINE M. HOWLE, CPA
California State Auditor