The
most
recent
in
a
series
of
US
Government
Accountability
Office
(GAO)
reports
on
the
state
of
cybersecurity
across
the
federal
government
makes
specific
recommendations
about
the
collection,
use,
and
sharing
of
personally
identifiable
information
(PII).
In
a
Feb.
14
report,
the
GAO
recommended
improving
the
protection
of
private
data,
particularly
information
collected
in
retirement
plans.
Besides
the
cybersecurity
of
stored
data,
the
report
calls
on
agencies
to
establish
data
privacy
policies
and
procedures
that
include
record-keeping
that
identifies
the
types
of
personal
data
collected,
regular
privacy
impact
reviews,
and
the
coordination
of
these
data
privacy
functions
across
the
agency.
The
latest
GAO
cybersecurity
assessment
points
out,
as
it
has
in
previous
reports,
that
agencies
have
been
slow
to
adopt
its
recommendations.
“We
have
made
236
recommendations
in
public
reports
since
2010
with
respect
to
protecting
cyber
critical
infrastructure,”
the
GAO
added
in
its
report.
“Until
these
are
fully
implemented,
federal
agencies
will
be
more
limited
in
their
ability
to
protect
private
and
sensitive
data
entrusted
to
them.”