An audit conducted by the state Comptroller’s Office was critical of how electronic data was secured in Cayuga County.
Specifically, the audit examined whether Cayuga County officials ensured electronic data containing personal, private, and sensitive information (PPSI) on County-owned Public Health Department (Department) devices was adequately protected from unauthorized access and use.
According to the state, Cayuga County officials did not adequately protect the Department’s electronic data containing personal, private, and sensitive information. In addition, weak controls were in place.
Here’s what the state highlighted in the report:
- Electronic data containing PPSI on 32 of the 61 County-owned Department IT devices we examined, in violation of County policies.
- County officials have not established a County-wide data classification schematic and have not inventoried PPSI in their possession.
- County officials and IT staff did not establish formal written procedures to help adequately secure PPSI.
County officials agreed with the recommended fixes, which included:
- Ensure IT policies and procedures are consistently and appropriately followed.
- Establish a data classification inventory that assigns the appropriate security level to each type of data.
- Develop formal written procedures to help ensure PPSI is adequately secured.