The office of inspector general at the U.S. Agency for International Development has issued an audit report saying USAID has implemented key components of an effective privacy program but needs to carry out additional controls to safeguard personally identifiable information and mitigate the risk of a privacy breach.
OIG offered five recommendations for USAID’s chief information officer to enhance the effectiveness of the agency’s privacy program, including developing and implementing written procedures to periodically assess the effectiveness of the rules for its data loss prevention tool, according to the report published Aug. 11.
USAID should also offer role-based privacy training to staff by revising the “Information Technology Security Training – Policy, Standards, Guidelines, and Plan,” and should update and implement the agency’s Social Security number reduction plan and its system of records notice (SORN) standard operating procedure to align with current requirements for assessing and updating SORNs.
The IG called on the director of web management within the agency’s bureau of legislative and public affairs to create and implement a plan to keep a complete inventory of third-party websites.
“These key elements of a privacy program are needed to protect PII and provide the public with sufficient information about records containing their information so that they know how their PII is safeguarded against misuse. Acting now would also guard against loss, unauthorized use, and lack of trust in the organization and limit risks related to litigation and compensation to the victims,” the report reads.