Federal agencies reported 15,560 cybersecurity incidents in 2011, up from 13,017 in 2010, Greg Wilshusen, GAO’s director of information security issues, told a Senate panel on Tuesday.
To improve cybersecurity, Wilshusen recommended that the Privacy Act and the E-Government Act be updated to better protect personal information collected, processed, and used by the federal government.
His agency has identified three areas where the laws need to be updated: applying privacy protections consistently to all federal collection and use of personal information; ensuring that use of personally identifiable information is limited to a stated purpose; and establishing effective mechanisms for informing the public about privacy protections.
In addition, Wilshusen recommended that agencies take the following steps to improve privacy protections and cybersecurity: assess the privacy implications of a planned information system or data collection prior to implementation; ensure the implementation of a robust information security program; and limit the collection of personal information, the time it is retained, and who has access to it, as well as implement encryption.