Photo by PoPville flickr user Miki J.
From the Office of the District of Columbia Auditor:
“The primary finding of the report is that D.C. is not doing everything it can to protect the personally identifiable information (PII)—Social Security Numbers, date and place of birth, mother’s maiden name—that it collects and stores, leaving the sensitive personal information of millions of people vulnerable to security breaches.
The report’s findings point to wide variations in how District agencies:
• De-identify records so that enough PII is removed and individuals cannot be identified.
• Determine risks and effects of collecting, maintaining, and disseminating PII to mitigate potential privacy risks.
• Develop and conduct security training consistently across all agencies.
• Encrypt databases and digital storage devices containing PII to add additional layers of protection.”