How States Safeguard USDA's SNAP Participants' Personally Identifiable Information

All applicants and participants in the Supplemental Nutrition Assistance Program (SNAP) are required to submit personally identifiable information (PII) for verification before receiving benefits.​ The primary purpose of this study was to both better understand how state agencies (SAs) are protecting the personally identifiable information (PII) of SNAP participants and gather best practices for data security.

This attention to protecting SNAP PII is crucial due to the growing amount of program data collected and stored by SAs, the extent of data matching and sharing between SAs and the federal government, and the increasingly sophisticated methods of breaching data safeguards.

Study Objectives

1. Describe the policies and regulations that address safeguarding PII.
2. Detail the methods that can be used to safeguard PII.
3. Outline precautions that SAs currently take to protect PII.
4. Examine the consistency of these safeguards among SAs.
5. Provide recommendations for improving how PII is protected by SAs.

Key Findings

• In the area of personnel policies and procedures, a majority of SAs limit staff access to SNAP applicant/recipient PII and offer staff training on safely handling and storing PII, although the frequency and thoroughness of training was inconsistent.
• For security policies and procedures, most SAs have implemented measures for protecting PII and have plans in place for responding to data security incidents. Most SAs (nearly 80%) have not experienced data breaches.
• For safeguarding practices used during program operations, few SAs reported masking SSNs during data entry, but most reported timeout functions on eligibility system screens.