The Government Accountability Office released a report this week with a scary conclusion: The Census Bureau, tasked with collecting personal information on every single American, has not adequately protected this data. Specifically, the GAO found, the Census Bureau is not fully prepared in cybersecurity, making Americans’ information vulnerable to hackers.

Many security protocols have been left “partially implemented” or “not implemented.” This includes inadequate password protection and leaving some databases completely unencrypted.

“Significant weaknesses in access controls and other information security controls exist,” the GAO concludes, that impair the Census Bureau’s “ability to ensure the confidentiality, integrity, and availability of the information and systems supporting its mission.” Of the 13 “leading practices” of information security the GAO identified, only two had been fully implemented by the Census Bureau. And until the Census Bureau brings their systems up to snuff, American data is at risk.

The report, titled “Actions Needed by the Census Bureau to Address Weaknesses,” recommends 13 steps that the Census Bureau must take to ensure the security of private data, including making their employees fully up-to-date on “security awareness training” and update their “incident response” protocols.

Continue reading →