Translate Our Site

02-27-2019 - 18-103 - Performance Audit - Personal Identifiable Information Security on City Systems - Citywide

Current citywide processes, policies and procedures are not adequate to ensure classifying and safeguarding of Personal Identifiable Information (PII) at the department level, and delegate certain authority to the department directors. DTI does not maintain an active inventory of systems and devices that contain PII. The City also does not have comprehensive policies and procedures for classifying and safeguarding PII. In addition, individuals with access to the City's computer environment are not always trained on or aware of their responsibility to safeguard PII.