Protecting privacy and sensitive data remains a challenge for Federal agencies, the Government Accountability Office (GAO) said in the fourth and final report of its cybersecurity high-risk series.
“We have designated information security as a government-wide high-risk area since 1997,” the Feb. 14 report said. “We expanded this high-risk area in 2003 to include protection of critical cyber infrastructure. In 2015, we expanded it again to include protecting the privacy of personally identifiable information.”
This is the last in GAO’s series of four reports that lay out the main cybersecurity areas the Federal government should urgently address.
The first honed in on Feds performing more effective cybersecurity oversight, the second focused on agencies’ need to secure their systems and information, and the third called for a better effort on critical infrastructure protection.
“We have made 236 recommendations in public reports since 2010 in this area,” GAO’s fourth report on protecting privacy and sensitive data said. The agency said 60 percent of these recommendations have been ignored.
“Until these are fully implemented, Federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them,” the agency said.
Specifically, the government watchdog agency said improvement must be made in Federal efforts to protect privacy and sensitive data.
GAO called on Congress to consider legislation to designate a dedicated, senior-level privacy official at all Federal agencies.
The report also expressed concern about the collection and use of personal information without knowledge or consent, like facial recognition technology – a rising concern amongst lawmakers.
GAO recommended that Federal agencies implement a mechanism to track facial recognition technology use and assess the risks of these systems.
The watchdog also called on agencies to improve their oversight of contractors handling personal information.
The security of systems and data is vital to safeguarding individual privacy and protecting the nation’s security, prosperity, and well-being, the report said.
“Risks to these essential technology systems are increasing,” GAO said. “Attacks could result in serious harm to human safety, national security, the environment, and the economy.”
They continued, “Agencies and critical infrastructure owners and operators must protect the confidentiality, integrity, and availability of their systems and effectively respond to cyberattacks.”