You are here

Audit Report: IG-0771

July 30, 2007 

Security Over Personally Identifiable Information

Industry experts have reported that more than 100 million personal privacy records have been lost or stolen over the past two years, including information maintained by corporations, educational institutions, and Federal government agencies. In fact, over the past several years, the Department of Energy has experienced the loss of personal privacy records. On June 23,2006, in response to security incidents involving the loss or compromise of sensitive personal information by several Federal agencies, the Office of Management and Budget (OMB) issued a memorandum recommending that agencies strengthen controls over the protection of Personally Identifiable Information (PII). OMB specifically required agencies to implement protections over PII developed by the National Institute of Standards and Technology (NIST), including those related to encryption, remote access, and risk assessments.