[Dataloss] A thought on USG data protection capability

[lyger]

From: dan at geer.org

http://www.gao.gov/highlights/d06866thigh.pdf


GAO-06-866: Leadership Needed to Address Information Security
Weaknesses and Privacy Issues (Testimony)

June 14, Government Accountability Office

The recent information security breach at the Department of
Veterans Affairs (VA), in which personal data on millions of
veterans were compromised, has highlighted the importance of the
department's security weaknesses, as well as the ability of
federal agencies to protect personal information. Robust federal
security programs are critically important to properly protect
this information and the privacy of individuals. The Government
Accountability Office (GAO) was asked to testify on VA's
information security program, ways that agencies can prevent
improper disclosures of personal information, and issues
concerning notifications of privacy breaches. To ensure that
security and privacy issues are adequately addressed, GAO has
made recommendations previously to VA and other agencies on
implementing federal privacy and security laws. In addition, GAO
has previously testified that in considering security breach
notification legislation, the Congress should consider setting
specific reporting requirements for agencies.