A Government Accountability Office (GAO) report released on May 20 is offering some good news: the Nuclear Regulatory Commission (NRC) since last year has improved its capabilities to protect personally identifiable information (PII).
NRC’s progress on that front responds to a GAO finding and recommendation issued early in 2023.
“In September 2023, NRC provided updated privacy policies and procedures, which specify the role of the Senior Agency Official for Privacy in key risk management steps for systems with [PII], as we recommended,” GAO said in the latest report.
While NRC has done well in improving its ability to protect sensitive data, GAO said there are still other areas where the agency can do more to carry out agency functions.
“GAO identified eight priority recommendations for the [NRC],” the watchdog agency said.
“Since then, NRC has implemented one of those eight priority recommendations, which improved the security of personally identifiable information. Seven priority recommendations remain open.”
The remaining recommendations include addressing the security of radiological sources and improving the reliability of cost estimates.
“We urge your attention to these government-wide, high-risk issues as they relate to NRC. Progress on high-risk issues has been possible through the concerted actions and efforts of Congress, the Office of Management and Budget (OMB), and the leadership and staff in agencies, including within NRC,” GAO said.
