IG: TSA employees are well-informed on privacy issues

Featured eBooks
Cyber Workforce
Read Now

Law Enforcement Tech

Read Now

AI in the Workplace

Read Now
Insights & Reports
Document Automation & E-Signature for the Public Sector
Presented By Carahsoft
Download Now
By Jill R. Aitoro

By Jill R. Aitoro

|

Automated tools would help the agency better protect personal information stored on computers, IG reports.

The Transportation Security Administration has made progress educating employees on protecting private data stored on computers, but could further strengthen security by deploying technology that automatically monitors systems for breaches, according to a new report from the Homeland Security Department's inspector general.

Through a survey of 2,285 TSA employees, the IG's office found.80 percent were able to correctly identify an incident that could jeopardize privacy from a list of five examples, and nearly 95 percent said they knew the reporting procedures for suspected privacy incidents. Furthermore, almost 80 percent of those surveyed correctly identified TSA privacy policies and the requirements of the 1974 Privacy Act, which as amended governs how agencies collect, use and disseminate personally identifiable information.

Nearly 83 percent of employees said training and guidance had boosted their awareness of privacy issues. Efforts to keep workers informed included e-mail reminders for general privacy events, intranet posts and broadcast messages on specific privacy guidance. Almost 56 percent of surveyed employees also received advanced or specialized privacy training.

"TSA has made progress in implementing a framework that promotes a privacy culture and complies with federal privacy laws and regulations," said the IG, but "can improve its privacy program by implementing automated privacy-specific tools for testing and monitoring."

As of October 2008, TSA had identified 75 computer systems with personally identifiable information saved on them. Though the agency conducts annual reviews to ensure computer administrators are keeping the sensitive data on those systems secure, manual checks of file servers for leaks of private data showed vulnerabilities. The checks uncovered personally identifiable data that should not have been accessible, the IG reported, and TSA confirmed personal information also has been exposed in data spills, unprotected e-mails and folders that have gone missing.

The Office of the Chief Information Officer is responsible for securing data for all TSA systems and services, but "cannot electronically monitor privacy behavior continuously and measure the strength of [personally identifiable information] protections, [because] TSA has not purchased tools and technologies to automate privacy protection," the report noted. "Without privacy-focused measurements and testing, TSA cannot compare the levels of ... protections across different systems ... and improve overall privacy data protection and monitoring."

The IG recommended that TSA acting Administrator Gale Rossides implement automated tools for testing and monitoring the security of personally identifiable information stored on computer systems. TSA agreed with the recommendation and requested funding for such tools, according to the report.

NEXT STORY: Will Schools Go Easy on Vets?