Privacy Protection and Technology

GAO ID: 095385 February 13, 1979

Large data banks of personal information exist in various Government agencies, and only the current inability to centrally obtain this information precludes the use of Government sources to establish comprehensive individual dossiers. The first attempt to centralize Government-held computerized information in the mid-1960's met with concern over the potential for a large concentration of data which, if misused, could result in an invasion of individual privacy. Although many agencies are engaged in various aspects of computer security, numerous weaknesses occur, including: the absence of risk management techniques to select proper security safeguards; lack of procedures for monitoring and reporting on computer security effectiveness; noncompliance with existing procedures; lack of effective security training; limited involvement on the part of internal audit; and specific weaknesses in physical, technical, and administrative safeguards for protecting agency data. As long as these deficiencies exist, Federal agencies have no assurance that their computer resources and data are properly secured or adequately protected. GAO has recommended that the Director of the Office of Management and Budget take necessary actions to provide the Federal agencies with comprehensive guidelines regarding computer security. The problem of untrustworthy or dishonest employees represents the major threat to personal or sensitive information, and protection against such employees is very difficult. Several approaches to limiting access to computer information are outlined.



The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO. These reports should not be considered official, and do not necessarily reflect the views of Justia.