Five-year-old privacy goals still unmet by many federal agencies

Numerous federal agencies, including the State Department, the Department of Housing and Urban Development, and the National Aeronautics and Space Administration, have not yet integrated privacy into their risk management systems nearly five years after a framework on such integration was released by the National Institute of Standards and Technology, according to CyberScoop. Such a review by CyberScoop and FedScoop, which comes a year after 14 agencies were found by the Government Accountability Office to fail to meet privacy goals, suggests privacy management challenges in the federal government, sparking concerns about the government's lack of preparedness to tackle artificial intelligence and digital transformation efforts. Consequences for lagging privacy integration have also been inadequate. "One of the reasons that you see such checkered compliance is that there really aren't consequences for an agency failing to produce a risk management framework or privacy impact assessment or other privacy documentation that its obligated to produce," said Electronic Privacy Information Center Senior Counsel and Director of Litigation John Davisson.