Senator Maggie Hassan, D-N.H., called on the Government Accountability Office (GAO) to review the Department of Homeland Security’s (DHS’) policies and handling of personally identifiable information following recent security incidents.
In an October 23 letter to the Comptroller General – which oversees GAO – Sen. Hassan cited three recent security incidents at DHS component agencies, and voiced concerns over the department’s controls on contractors in particular.
“While the department’s functions are essential, it is also essential that it protect the PII that is collected on the department’s behalf from improper access or use,” she wrote.
Hassan cited the oversharing of information about hurricane survivors with contractors, the insecure storage of sensitive data from a bioterrorism defense program by a contractor, and a cyberattack that stole border-entry photos from a contractor.
“Such lapses in sharing with contractors or protecting PII in contractor systems are unacceptable,” Hassan stated.
She requested a report from GAO on requirements for contractors, oversight mechanisms, and remediation after breaches on contractor systems.