This request is for a copy of every annual report made by the Department of Justice under this provision of Executive Order 13181. We prefer to have the copies in a widely available electronic format, such as a PDF file or a Word document. Having an electronic format will facilitate the posting of the reports on the World Privacy Forum’s website at www.worldprivacyforum.org. We note this is our second request for this report. Our first request was made November 29, 2007. The DOJ responded to our 2007 FOIA by saying the annual report could not be located.
Data breach | GAO data breach study — The World Privacy Forum made an information request to the GAO asking for a copy of the single, non-duplicative list of data breaches its June, 2007 data breach report (GAO -07-737) refers to and was based on. The list was not included in the GAO report. The GAO used a figure in its report of “more than 570 data breaches” from January 2005 to December 2006 based on this non-duplicative breach list. The GAO breach list is straightforward, it tallies data breaches chronologically from January 1, 2005 to December 31, 2006 from three organizations that maintain data breach lists. If the breach appeared on at least one of the three lists, it was apparently included in the final tally. The GAO states that the list was based on a February 15, 2007 download of the lists.
Note: the WPF scan of the GAO list includes the first page twice. The front page of the scan is of the GAO list as it looks in the original document, and then the list was scanned for maximum readability into PDF format.