Better safeguards are needed to protect personal information managed by the U.S. Environmental Protection Agency, according to an inspector general's report.

Even though the agency is required by federal law to have privacy protection procedures in place, EPA doesn't, according to the report.

"Personally identifiable information" is any information that can be used to find an individual, such as Social Security number, home address or medical history.

Employees also lack knowledge of their responsibilities concerning the protection of such information.

Thus, employees could indadvertedly "mistreat, misuse and/or expose" personally identifiable information without knowing how to avoid doing so, according to the IG.

A program used by EPA to validate personal records of individuals seeking federal benefits lacks sufficient oversight by the agency to ensure that the information it provides is correct, the IG said.

Inaccurate information could be reported by the EPA to the Office of Management and Budget because employees are unsure how to work the program, the report said.

Without strengthening EPA's privacy protections, the IG said personally identifiable information is "at a greater risk of compromise and misuse."