Specifically the GAO reported finding that the Census Bureau's information systems and networks are "pervaded" by multiple security control weaknesses, "thereby jeopardizing the bureau's ability to sufficiently protect the confidentiality, integrity, and availability of its information and systems."
As a result, wrote the GAO, the Census Bureau can offer only "limited assurance" that its information handling - and sharing - systems are adequately protected against unauthorized "access, use, disclosure, modification, disruption, or loss." Ouch!
This has to be troubling news for the Census Bureau, which depends so heavily on the public's trust of confidentiality. While responding truthfully to the census is require by law, many people resist doing so, because they fear their information will not be kept secret.
Also See: Why the Census is Important to You
As it often stresses, the Census Bureau is banned by federal law from disclosing private information requested on any of their various questionnaires like names, addresses, and Social Security and phone numbers.
Census Bureau employees who violate their required oath of confidentiality face fines of $250,000 and up to 5 years of jail.
But far beyond the control of most Census Bureau employees, weaknesses in how the bureau regulates and controls access to information systems jeopardizes its promise of confidentiality.
"Without adequate controls over access to its systems, the bureau cannot be sure that its information and systems are protected from intrusion," stated the GAO's analysis.
The GAO also found the Census Bureau has not created adequate contingency plans for recovering from events that typically result in loss of data, such as power failure and fires by storing backup copies at secured offsite locations.
"Without an effective and complete contingency plan, an agency's likelihood of recovering its information and systems in a timely manner is diminished," the GAO report said.
Of the 115 recommendations for improvement made by the GAO -- only 13 of which were made public for personal information security reasons - the Census Bureau's parent agency, the Department of Commerce, "expressed broad agreement" with the report and said it would "work to identify the best way to address" the recommendations.