The same weakness that exposed the personal data of tens of thousands of Energy Department employees in July persists in many of the department's desktop computers. DOE's office of inspector general scanned more than 2,300 desktop systems at 17 different locations, finding that 41 percent lacked security patches for known vulnerabilities.
Centers for Medicare and Medicaid Services should launch a project to address the removal of Social Security numbers from Medicare beneficiaries' cards as a core component of its information technology modernization efforts, says the Government Accountability Office.
Many agencies are using social media like Twitter and Facebook, and should be aware of the privacy implications of posting photos and collecting comments, writes Tim Lowden, a digital communications specialist in the General Services Administration's Center for Excellence in Digital Government. Some of that content contains personally identifiable information.
Beyond simply broadcasting information or promoting their mission, agencies can use social media for situational awareness and for mission operations, but there are privacy issues agencies must consider, says the Federal Chief Information Officers Council.
The Homeland Security Department says software utilized by a vendor that processes personnel security investigation had a vulnerability that may have allowed a data breach of elements including Social Security numbers.
A tenet of fair information practice principles is that organizations should only collect personally identifiable information for a specified purpose--whether that should translate into a warrant requirement for government use of unmanned aerial vehicles took up large parts of a May 17 House hearing.
The Veterans Affairs Department was transmitting sensitive data, including personally identifiable information and internal network routing information, over an unencrypted telecommunications carrier network, according to a March 6 VA Office of Inspector General report (.pdf).
As part of its Cyber Awareness Program, the Secret Service contracts the system from Reston, Va.-based Cyveillance, a subsidiary of QinetiQ North America, to search online data related to investigatory and protective intelligence information. DHS concluded in its assessment released last month that the privacy impact on individuals is "limited" and that the Secret Service retains only that information derived from Cyveillance that is required for investigations related to the Secret Service's missions.
Recognizing the advances of commercial practices and technology over the past decade, including smartphones, the Federal Trade Commission has adopted final amendments to the Children's Online Privacy Protection Act to reflect the growing presence of websites geared towards kids. Among the changes to the COPPA Rule, the new regulations expand the list of personal information that cannot be collected by websites without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos.
Immigration and Customs Enforcement says it's rolling out a law enforcement system that allows Homeland Security Investigations officials to search, analyze and visualize data about individuals collected by the Homeland Security Department or bought from commercial sources.