The Government Accountability Office has issued a report touting the importance of privacy impact assessments in safeguarding data, and after apparently scrutinizing where it stands in terms of sloppy practices, GAO disclosed that it had pulled from its website Department of Defense travel vouchers from the 1970s containing names, Social Security numbers and some addresses of government employees.
Around the same time the Navy announced that information on more than 30,000 sailors and family members stationed in areas affected by Hurricane Katrina had been discovered on a civilian website and subsequently removed.
GAO, in the same report, said that while public notification in the event of a data breach has benefits, criteria for triggering notification should be carefully considered — such as coordination with law enforcement — and notices should be simplified as much as possible.
It is now calling on other database providers — both public and private — to remove personally identifiable information as well. It said the information it recently discovered on its system pertains to fewer than 1,000 individuals.
GAO also recognized that while it strives to be a model agency with all its reports, testimonies, and other work products accessible to the public, it remains very concerned about personal privacy.
It found out about the postings by an employee of an inspector general for another agency, and said it has stopped posting archival materials and initiated a review of those records to ensure that all personal information is redacted before being digitized.
