Privacy: Lessons Learned about Data Breach Notification

United States Government Publishing Office publisher pbl distributor dst United States Government Accountability Office author aut Government Organization text government publication eng GAOREPORTS Legislative Agency Publications gao legislative 2010-08-12 U.S. Government Printing Office 2007-04-30 monographic deposited born digital 78 p. GA 1.13:GAO-07-657 https://www.govinfo.gov/app/details/GAOREPORTS-GAO-07-657 P0b002ee18038e44c f:d07657 DGPO 2010-08-12 2011-03-23 GAOREPORTS-GAO-07-657 machine generated eng fdlp REPORT GAOREPORTS-GAO-07-657 GAO-07-657 Computer security Computer security incidents Identity theft Information security Information technology Larceny Lessons learned Monitoring Policy evaluation Privacy law Right of privacy Security policies Other Written Product A68865 Privacy: Lessons Learned about Data Breach Notification A May 2006 data breach at the Department of Veterans Affairs (VA) and other similar incidents since then have heightened awareness of the importance of protecting computer equipment containing personally identifiable information and responding effectively to a breach that poses privacy risks. GAO's objective was to identify lessons learned from the VA data breach and other similar federal data breaches regarding effectively notifying government officials and affected individuals about data breaches. To address this objective, GAO analyzed documentation and interviewed officials at VA and five other agencies regarding their responses to data breaches and their progress in implementing standardized data breach notification procedures. The cases at the other agencies were chosen because, like the VA case, they involved loss or theft of computing equipment and relatively large numbers of affected individuals (10,000 or more). https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-07-657/html/GAOREPORTS-GAO-07-657.htm https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-07-657/pdf/GAOREPORTS-GAO-07-657.pdf GAO-07-657 https://www.govinfo.gov/app/details/GAOREPORTS-GAO-07-657 Other Written Product GAO-07-657; Privacy: Lessons Learned about Data Breach Notification; Computer security Computer security incidents Identity theft Information security Information technology Larceny Lessons learned Monitoring Policy evaluation Privacy law Right of privacy Security policies United States Public Law 461 (109th Congress) Public Law 109-461