Federal Agencies Still Lax on Identity Protection, GAO Study Finds

The Government Accountability Office (GAO) has examined the security practices of two dozen federal agencies and found most have not implemented the necessary measures to protect personal information from data theft.

The Associated Press is reporting that the GAO report, which comes almost two years after Veterans’ Affairs put personal information at risk, found only two agencies — the Treasury and Transportation departments — met five federal recommendations for security.

AP says the report also found that the Small Business Administration and the National Science Foundation have met none of those recommendations, and the other 18 only met them to varying degrees.

“The findings released in this report are very troubling — indicating that agency after agency has failed to make securing citizens' personal information a high priority,” Sen. Norm Coleman, a Minnesota Republican who asked for the GAO report along with California Rep. Susan Davis, told AP. “The clock is ticking and we need to know when the agencies are going to have the protections in place to stop the numerous data breaches we have seen over the past few years.”

In the new report, the GAO looked at OMB recommendations such as encrypting data on mobile computers and other devices that carry agency data; and using a checklist to protect personally identifiable information that is accessed remotely or physically transported outside the agency.