Quality Control Review of Controls over DOT's Protection of Privacy Information
We conducted a quality control review of an audit, performed by CliftonLarsonAllen LLP, of DOT’s practices for the protection of personally identifiable information (PII). The audit objectives were to determine whether: (1) DOT has established adequate procedures for the collection, use, and security of PII; (2) DOT ensures compliance with its own privacy and data protection policies and applicable laws and regulations to prevent unauthorized access to or unintended use of PII; and (3) DOT’s operating administrations properly evaluate the necessity of using PII to process data. CliftonLarsonAllen concluded that DOT’s privacy controls were not effective and made 10 recommendations to improve the Department’s program. Our quality control review disclosed no instances in which CliftonLarsonAllen did not comply, in all material respects, with generally accepted Government auditing standards.