Introduction

The Enterprise Income Verification System (EIV) is utilized by Public Housing Agencies (PHAs) to verify tenant income.  EIV tenant data is to be used only to verify a tenant’s eligibility for participation in or level of assistance in a U.S. Department of Housing and Urban Development (HUD) rental assistance program. 

This policy outlines the practices, controls, and safeguards which must be adhered to by the Michigan State Housing Development Authority (MSHDA) in order to meet Federal standards to adequately protect the confidentiality of the tenant wage data and ensure compliance with federal laws regarding the protection of this information. 

EIV data must be used for official purposes only and must not be disclosed in any way that violates the privacy of our program participants. 

Section A:  Security Officer

MSHDA’s Office of Existing Housing Programs’ (EH) Security Officer (SO) will maintain EIV access logs, granting or revoking access as appropriate.  The SO will conduct annual security awareness training to all Existing Housing staff and contracted agents who have access to EIV materials, and obtain a user Agreement from all trainees.  The SO will report any incidences of potential compromise of secure data to MSHDA’s Executive Director, and oversee the physical security of EIV data. 

Section B:  Access to Data

Access to EIV data will be granted by the Security Officer, and restricted to MSHDA EH staff whose duties require access and contracted Housing Agents (HA).  An individual’s level of access will be determined by the SO based upon need. 

Any person who fails to follow any of MSHDA’s or HUD’s standards may be subject to disciplinary action and/or prosecution. 

Warnings in the EIV system welcome page provide a reminder each time the user logs in of the security considerations of the EIV system.

Section C:  Safeguards – Physical

Housing Choice Voucher (HCV) participant files are maintained in a limited access building in a restricted area.  Posted signs designate the restricted file area.  No persons are allowed in the restricted area unless accompanied by an authorized EH staff person.  Participant files are labeled with a red “confidential” sticker.

Section D:  Safeguards – Administrative

MSHDA EH employees and HAs will only be granted EIV access or user privileges upon completion of Security Awareness Training and after signing a User Agreement.   User Agreements will be maintained by the Security Officer.  Employees/Agents who do not have a signed User Agreement will not be allowed to access EIV data.

Section E: Criminal Penalties Associated with the Privacy Act

 The Privacy Act of 1974 as amended, 5 U.S.C. § 552 (a) (i) states:

1. Any officer or employee of an agency, who by virtue of his employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by this section or by rules or regulations established there under, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.
2. Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000.
3. Any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000.

(September 2005)