Challenges of Protecting Personal Information in an Expanding Federal Computer Network Environment

LCD-76-102: Published: Apr 28, 1978. Publicly Released: Apr 28, 1978.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The concept of a federal computer network and the attendant benefits of economy and efficiency was recognized when the Brooks Act was enacted in 1965. Since the enactment of this legislation, public and private concern has grown over the ability of computer systems and networks to provide adequate protection for personal information maintained about U.S. citizens.

The concept of a government-wide computer network presents a dilemma: should the government take advantage of the economies that may be possible from using multiuser teleprocessing systems rather than individual agency owned and operated data processing systems or protect the individual's right to privacy by prohibiting such networks? This dilemma could be solved and economies realized if adequate controls could be defined and established to ensure confidentiality of data. The major threat to privacy invasion stems from misuse of personel information by individuals having authorized access, and a secondary threat stems from individuals not allowed access to the information who have the technical ability to circumvent security measures. The risk to personal information varies with the type of data involved, the effectiveness of the controls exercised, and the configuration of the computer network. While absolute security cannot be assured, a high level of protection can be provided in a multiuser computer network.

Recommendation for Executive Action

  1. Status: Closed

    Comments: Please call 202/512-6100 for additional information.

    Recommendation: The Director of the Office of Management and Budget should take action to provide federal agencies with comprehensive guidelines that: contain the definitions and criteria necessary to permit an assessment of their security requirements; provide the methodology to be used in conducting the assessment; identify the physical, administrative, and technical safeguards that should be applied in satisfying their security requirements; and specify the means to justify the associated cost.

    Agency Affected:

 

Explore the full database of GAO's Open Recommendations »

Sep 20, 2016

May 4, 2016

Apr 27, 2016

Feb 3, 2016

Sep 18, 2015

Jun 2, 2015

May 21, 2015

May 15, 2015

May 8, 2015

Looking for more? Browse all our products here