December 20, 2023 at 11:33PM
NASA’s Inspector General praises the agency’s privacy program but identifies areas for improvement. The audit highlights a need for enhanced protection of personal information, including the implementation of data loss protection in Microsoft 365. It also raises concerns about unclear breach response procedures and incomplete privacy reporting. NASA agrees to address the recommendations, with a focus on improving role-based privacy training.
Based on the meeting notes, the key takeaways are:
– NASA has a comprehensive privacy program in place but needs improvements in protecting individuals’ personal information.
– One of the specific improvements required is the implementation of data loss protection (DLP) in Microsoft 365.
– NASA lacks consistent data to track and monitor PII leaks and needs to establish clearer roles and responsibilities for the operation and maintenance of the DLP tool.
– There are issues with NASA’s process for responding to breaches, including unclear documentation and insufficient training for the Breach Response Team (BRT) members.
– The space agency also needs to address the lack of required privacy role-based training for individuals assigned security and privacy roles.
– NASA has agreed to implement all recommendations but needs to revisit the plan for specific security and privacy roles to take privacy role-based training.
Let me know if you need any further details or information from the meeting notes.