GAO: Data Breach Policies Challenge Even Government Agencies
January 21, 2014
Jan. 21, 2014
Merchants and financial institutions aren’t the only ones with data breach headaches. A recent U.S. Government Accountability Office study reviewed eight federal agencies and found that while they “generally” developed data security breach policies and procedures, they inconsistently implemented them.
The National Credit Union Administration was not part of the study. However, the Federal Reserve, Federal Deposit Insurance Corp., Securities and Exchange Commission and the U.S. Treasury Department were.
The GAO summary explains that the term “data breach” generally refers to the unauthorized or unintentional exposure, disclosure, or loss of sensitive information and that such a breach can leave individuals vulnerable to identity theft or other fraudulent activity.
“Although federal agencies have taken steps to protect (personally identifiable information), breaches continue to occur on a regular basis. In fiscal year 2012, agencies reported 22,156 data breaches — an increase of 111 percent from incidents reported in 2009,” the GAO said.
The report was posted to the GAO website Dec. 9, 2013, coincidentally about nine days before news of the massive data breach at Target first broke.
Questions? Contact the Compliance Hotline: 1.800.546.4465, firstname.lastname@example.org.