Data loss prevention is the practice of detecting and preventing disclosure of sensitive or confidential information outside of an organization. The City Auditor hired a technical expert to assess the City’s Bureau of Technology Services’ approach to data loss prevention. Testing centered on practices used by the Bureau of Human Resources to manage and protect data it uses. The audit also reviewed the City’s electronic records management system.
The City Auditor provided detailed audit results and recommendations to the Bureaus of Technology Services and Human Resources, and Archives and Records Management in separate confidential reports. Bureau managers provided responses to the detailed reports and generally committed to implementing the recommendations. Because of the sensitive information about computer or system weaknesses in those detailed reports, the City Auditor is publishing this public report to describe the overall audit process and results.
The City Auditor will follow up in one year to confirm that the recommended improvements were made.