Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains

“The GAO was asked to determine (1) how commercially available encryption technologies can help agencies protect sensitive information and reduce risks; (2) the federal laws, policies, and guidance for using encryption technologies; and (3) the extent to which agencies have implemented, or plan to implement, encryption technologies. To address these objectives, GAO identified and evaluated commercially available encryption technologies, reviewed relevant laws and guidance, and surveyed 24 major federal agencies.”

In 2006, the Department of Veterans Affairs reported that a laptop computer and external hard drive—that had not been encrypted or password protected and that contained the personal information of approximately 26.5 million veterans and United States military personnel—had been stolen from an employee’s home. This incident and the increasing number of data breaches reported by other government agencies—such as the Departments of Defense and Health and Human Services and the Transportation Security Administration—have raised concerns about the extent to which sensitive information maintained by the federal government is vulnerable and what current laws, policies, and practices are in place to protect that information. 1

Leave a Reply

Your email address will not be published. Required fields are marked *