Skip to main content
U.S. flag

An official website of the United States government

Audit Reports


Quality Control Review of Controls over DOT's Protection of Privacy Information

Requested By
Required by the 2008 amendments to Section 522 of the Fiscal Year 2005 Transportation, Treasury, Independent Agencies, and General Government Appropriations Act
Project ID
File Attachment

We conducted a quality control review of an audit, performed by CliftonLarsonAllen LLP, of the DOT’s practices for the protection of personally identifiable information (PII). The audit objectives were to determine whether: (1) DOT has established adequate procedures for the collection, use, and security of PII; (2) DOT ensures compliance with its own privacy and data protection policies and applicable laws and regulations to prevent unauthorized access to or unintended use of PII; and (3) DOT’s operating administrations properly evaluate the necessity of using PII to process data. CliftonLarsonAllen concluded that DOT’s privacy controls were not effective, and made 10 recommendations to improve the Department’s program. Our quality control review disclosed no instances in which CliftonLarsonAllen did not comply, in all material respects, with generally accepted Government auditing standards.