OIG finds incomplete CFPB response to unaccounted-for-laptops

The CFPB’s Office of Inspector General has issued a report indicating that, in performing an audit of the CFPB’s encryption of data on mobile devices issued to staff members, the OIG found the CFPB had not yet completed all of the steps previously identified by the OIG to address the risk created by unaccounted-for-laptops. Because of the sensitive nature of the information, the OIG only made an executive summary of the report publicly available.

According to the summary, the CFPB has been unable to provide a full accounting of all laptops that have been assigned to users since the CFPB’s establishment. In June 2016, the OIG issued an “early alert memorandum” to the CFPB in which the OIG identified a number of steps the CFPB should take to gain assurance that the unaccounted-for-laptops did not prevent an unacceptable level of risk to the CFPB and to strengthen technical controls over protecting sensitive data.

https://www.jdsupra.com/legalnews/oig-finds-incomplete-cfpb-response-to-45303/