While the 2030 Census is still years away, a new Government Accountability Office (GAO) report reveals the U.S. Census Bureau still has some work to do to improve its IT modernization efforts critical to that mission.
According to the report, the Census Bureau lacks reliable cost and schedule estimates for one of its key IT modernization programs, known as the Center for Enterprise Dissemination Services and Consumer Innovation (CEDSCI). This program is aimed at modernizing data dissemination systems and improving users’ experience when interacting with Census data.
The report explains that the Census Bureau fully implemented selected leading practices for risk management for the program, and it substantially implemented leading practices for requirements management.
“However, it did not consistently trace requirements forward and backward from their source to the end product,” the report says. “As a result, the program faces challenges in ensuring it adheres to project requirements. Additionally, the program’s cost and schedule estimates were unreliable because the bureau did not substantially or fully implement leading practices.”
“Without reliable cost and schedule estimates, the bureau increases the risk of cost overruns and unmet performance targets,” GAO said.
Additionally, GAO noted that the Census Bureau “lacks detailed plans and strategies” to address cybersecurity challenges when implementing its IT modernization programs.
For instance, GAO said it previously identified cybersecurity and privacy challenges the bureau faces when implementing these programs. These include addressing cybersecurity workforce challenges, improving information security initiatives and programs, enhancing detection and response to cyber incidents, and ensuring respondent privacy while maintaining the usability of public Census data.
While the bureau has taken some steps to address these challenges, GAO said that it needs concrete plans and strategies. For example, the Census Bureau drafted a cybersecurity strategy in 2023, but GAO said it hasn’t been finalized and doesn’t include specific information such as timelines.
“In addition, the bureau was unable to provide detailed information about the steps it plans to take to balance the privacy of respondents to the 2025 American Community Survey against the usability of public data,” the report adds. “Until the bureau develops detailed plans and time frames for these activities, it risks not meeting its objectives of effectively securing and protecting its IT systems and data.”
GAO offered up five recommendations to the Department of Commerce – the Census Bureau’s parent agency – related to managing requirements, estimating cost and schedule, and developing plans and time frames on cybersecurity and privacy challenges.
Commerce agreed with all five recommendations and said it would take steps to improve in these areas. It also stressed that – related to confidentiality and the American Community Survey – the Census Bureau is “committed to thoroughly protecting respondent data.”
