Information Security: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent

PDF Version Also Available for Download.

Description

A letter report issued by the Government Accountability Office with an abstract that begins "The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified by the Office of Management and Budget (OMB) and the National Institute of Standards and Technology. The agencies reviewed generally addressed key management and operational practices in their policies and procedures, although three agencies had not fully addressed all key practices. For example, the Department of the Army (Army) had not specified the parameters for offering ... continued below

Creation Information

United States. Government Accountability Office. December 9, 2013.

Context

This report is part of the collection entitled: Government Accountability Office Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. More information about this report can be viewed below.

Who

People and organizations associated with either the creation of this report or its content.

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this report. Follow the links below to find similar items on the Digital Library.

Description

A letter report issued by the Government Accountability Office with an abstract that begins "The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified by the Office of Management and Budget (OMB) and the National Institute of Standards and Technology. The agencies reviewed generally addressed key management and operational practices in their policies and procedures, although three agencies had not fully addressed all key practices. For example, the Department of the Army (Army) had not specified the parameters for offering assistance to affected individuals. In addition, the implementation of key operational practices was inconsistent across the agencies. The Army, VA, and the Federal Deposit Insurance Corporation had not documented how risk levels had been determined and the Army had not offered credit monitoring consistently. Further, none of the agencies we reviewed consistently documented the evaluation of incidents and resulting lessons learned. Incomplete guidance from OMB contributed to this inconsistent implementation. As a result, these agencies may not be taking corrective actions consistently to limit the risk to individuals from PII-related data breach incidents."

Language

Item Type

Identifier

Unique identifying numbers for this report in the Digital Library or other systems.

Collections

This report is part of the following collection of related materials.

Government Accountability Office Reports

The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for the U.S. Congress investigating how the federal government spends taxpayers' money. Its goal is to increase accountability and improve the performance of the federal government. The Government Accountability Office Reports Collection consists of over 13,000 documents on a variety of topics ranging from fiscal issues to international affairs.

What responsibilities do I have when using this report?

When

Dates and time periods associated with this report.

Creation Date

  • December 9, 2013

Added to The UNT Digital Library

  • June 12, 2014, 7:50 p.m.

Usage Statistics

When was this report last used?

Yesterday: 0
Past 30 days: 0
Total Uses: 2

Where

Geographical information about where this report originated or about its content.

Place Name

Publication Place

Map Information

  • map marker Automatically generated Place Name coordinates.
  • map marker Automatically generated Publication Place coordinates.
  • Repositioning map may be required for optimal printing.

Mapped Locations

Interact With This Report

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

Citations, Rights, Re-Use

United States. Government Accountability Office. Information Security: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent, report, December 9, 2013; Washington D.C.. (digital.library.unt.edu/ark:/67531/metadc298322/: accessed August 21, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.