The Government Accountability Office released a report this week with a scary conclusion: The Census Bureau, tasked with collecting personal information on every single American, has not adequately protected this data. Specifically, the GAO found, the Census Bureau is not fully prepared in cybersecurity, making Americans' information vulnerable to hackers.
Many security protocols have been left "partially implemented" or "not implemented." This includes inadequate password protection and leaving some databases completely unencrypted.
"Significant weaknesses in access controls and other information security controls exist," the GAO concludes, that impair the Census Bureau's "ability to ensure the confidentiality, integrity, and availability of the information and systems supporting its mission." Of the 13 "leading practices" of information security the GAO identified, only two had been fully implemented by the Census Bureau. And until the Census Bureau brings their systems up to snuff, American data is at risk.
The report, titled "Actions Needed by the Census Bureau to Address Weaknesses," recommends 13 steps that the Census Bureau must take to ensure the security of private data, including making their employees fully up-to-date on "security awareness training" and update their "incident response" protocols.
Computer information security will be paramount in the future. In December, the Census Bureau announced that it would undertake an unprecedented online transformation, allowing Americans to fill out surveys online rather than by mail or in person. The government organization plans to have that option available as soon as next year. This GAO report sheds light on the fact that an online census option was not made available in 2010 due to concerns about hacking.
The Census Bureau has been vulnerable to leaks of personal information in the past. Hundreds of laptops were stolen in 2006 in what was "by far the most egregious" computer theft in the government recently. Last year, hacker group Anonymous took credit for hacking a multitude of government websites - including that of the Census Bureau - though that incident was never officially acknowledged by the government.