Wednesday, October 05, 2022

GAO – Federal Agencies Lack Senior Leadership to Effectively Implement Privacy Programs

Beyond Pigeon Hollow: Attempting to solve the mystery of her disappearance.

Nordic criminal justice: How does it differ from Australia and does it work?

Not even great poets can live off their poetry: The Waste Land sold only about 330 copies in its first months

The Treasury Inspector General, in a recent report, faulted the Internal Revenue Service for lacking a fully implemented security control infrastructure for its cloud services, putting taxpayer data at risk. 

TIGTA said that, as of the end of 2020, the IRS had 56 cloud services, 12 of which contained taxpayer data. While the agency had discussed a cloud security control infrastructure that covers all cloud services, it has yet to fully implement such a system. Despite this, TIGTA said the IRS has continued with cloud deployments, which could put taxpayer data at risk.

IRS cloud security is lacking: TIGTA

EPIC: “A Government Accountability Office (GAO) report, prepared in consultation with privacy experts including EPIC Senior Counsel John Davisson, canvassed 24 federal government agencies and found that most have failed to fully implement statutory privacy requirements. The GAO found that despite the massive amount of personally identifiable information (PII) collected by these agencies and the increasing sophistication of technology, most agencies struggled to fund and implement critical privacy program practices.

Less than half the agencies surveyed have developed a privacy risk management framework, and ten agencies have not properly implemented a strategy for continuously monitoring for privacy risks. Further, agencies identified significant shortcomings in their privacy impact assessments (PIAs), including failures to initiate PIAs early enough in the process to be effective, or an inability to hold agency staff accountable for failing to complete PIAs.

The GAO recommended that Congress consider legislation to designate a senior privacy official at agencies and give that individual sufficient authority to ensure privacy requirements are implemented. The GAO further recommended that the Director of OMB share information and best practices across agencies, including application of privacy requirements and risk management to emerging technology, as well as information relating to PIAs. 

EPIC has long worked to promote the use of privacy impact assessments and to ensure strict adherence with PIA requirements. Most recently, in EPIC v. USPS, EPIC brought suit to stop the U.S. Postal Service’s law enforcement arm from using facial recognition and social media monitoring tools at least until the agency has completed required privacy impact assessments.”

Reuters: “France plans to impose a minimum delivery fee of 3 euros ($2.93) for online book orders of less than 35 euros to level the playing field for independent bookstores struggling to compete against e-commerce giants, the government said on Friday. A 2014 French law already prohibits free book deliveries, but Amazon and other vendors such as Fnac have circumvented this by charging a token 1 cent per delivery. Local book stores typically charge up to 7 euros for shipping a book. Legislation was passed in December 2021 to close the one-cent loophole through a minimum shipping fee, but the law could not take effect until the government had decided on the size of that fee. “This will adapt the book industry to the digital era by restoring an equilibrium between large e-commerce platforms, which offer virtually free delivery for books whatever the order size, and bookstores that cannot match these delivery prices,” the culture and finance ministries said in a joint statement…”