The most recent in a series of US Government Accountability Office (GAO) reports on the state of cybersecurity across the federal government makes specific recommendations about the collection, use, and sharing of personally identifiable information (PII).
In a Feb. 14 report, the GAO recommended improving the protection of private data, particularly information collected in retirement plans.
Besides the cybersecurity of stored data, the report calls on agencies to establish data privacy policies and procedures that include record-keeping that identifies the types of personal data collected, regular privacy impact reviews, and the coordination of these data privacy functions across the agency.
The latest GAO cybersecurity assessment points out, as it has in previous reports, that agencies have been slow to adopt its recommendations.
“We have made 236 recommendations in public reports since 2010 with respect to protecting cyber critical infrastructure,” the GAO added in its report. “Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them.”