City not adequately protecting private information


by ANDY PIERROTTI / KVUE News and Photojournalist DEREK RASOR

Bio | Email | Follow: @AndyP_KVUE

Posted on December 2, 2013 at 7:20 PM

Updated Monday, Dec 2 at 7:40 PM

AUSTIN -- A new audit has found that the City of Austin isn’t doing enough to protect the private information of its employees and citizens.

In a letter to the Austin City Council last month, auditor Kenneth Mory wrote, “The City does not have an effective process to protect PII [personally identifiable information].”

The audit also discovered more than half of the city departments surveyed did not have written policies on how it safeguards employees' and citizens' private information.

By the numbers:

A survey of department directors indicates that 88 percent of departments who responded collect or store PII. But 52 percent of departments do not have written policies and procedures for the collection, access, storage and disposal of PII, 45 percent of departments have employees who do not receive training on the collection, access, storage and disposal of PII; and 38 percent of departments do not have an individual who is responsible for the oversight and security of PII.

Mayor Pro tem Sheryl Cole says the lack of policies leaves the city vulnerable to hackers searching for information.

"We do not want hackers or identity theft to occur, and as far as I know at this moment that hasn't happened with any of these documents," said Cole.

Austin isn't the only one putting citizens' information at risk. Over the summer the KVUE Defenders uncovered thousands of state cyber security breaches potentially compromising Texans' private information.

According to information obtained by Department of Information Resources, state agencies reported hackers gained unauthorized access to its computers nearly 4,800 times since 2009.

That includes a breach at the Comptroller’s Office in 2011 that exposed 3.5 million Texans' birthdays and social security numbers over the Internet.

According to a 2012 Texas cyber security report, "There is a general lack of awareness regarding securing the cyber infrastructure."

In August State Senator Leticia Van de Putte told the KVUE Defenders that state agencies need more resources to combat threats.

"I've always felt that the state was not as prepared as it could be to protect itself," said Van de Putte.

Austin is now working to implement policies to protect itself and its citizens' private information. That includes forming a task force, as well as more staff and training.

Take a look at the audit here.