Agencies Fall Short on Protecting User Data

Government Accountability Office says many agencies still haven't met guidelines

Tim Wilson, Editor in Chief, Dark Reading, Contributor

February 25, 2008

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Many government agencies have failed to meet the guidelines for protecting personal information that were established two years ago after the breach at the Department of Veterans Affairs.

According to a report issued by the Government Accountability Office (GAO) today, a number of agencies fell short on recommendations for securing databases, remote access, and mobile devices. All of the agencies received a downgrade in their scores for e-government progress on the President's Management Agenda Scorecard

Of the 24 major agencies audited in the report, only 11 had established policies for logging data extracted from agency databases and for erasing the data within 90 days of extraction. Only 15 agencies had established a "time out" function for remote and mobile devices that requires user re-authentication after 30 minutes of inactivity.

And despite the huge flap following the exposure of veterans' data after a laptop theft at the VA, two agencies still have not developed policies that require encryption of data on mobile computers and devices, the GAO said.

The report also includes details of more than 25 security breaches that occurred between 2004 and 2007, three of which exposed personal data of more than 100,000 individuals. These capsules are only examples of the breaches that have occurred, according to the report -- the actual number of breaches is larger.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2008

About the Author

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights