Information Minister Fayval Williams has sought to assure that security risks to data stored at the Passport Immigration and Citizenship Agency, PICA, will be addressed in the short term.

This, after an audit from the Auditor General’s Department found instances in which the agency did not appropriately manage risks of unauthorised disclosure, abuse or misuse of Access to Information Rights.

The Auditor General said PICA did not assess risks to its information and information processing facilities before granting employees and a third-party access to sensitive information.

Responding to the question of whether citizens’ data had been compromised, at this morning’s (September 21) Post Cabinet Press Briefing, Mrs. Williams said the respective ministry and minister would be looking at the report and querying the entity.

To address the risks identified, the AGD has recommended that PICA adopt a governance framework that promotes the establishment of formal structures, to provide oversight and guide the strategic direction of the it function to ensure the alignment of ICT and business objectives, and proper risk management.

Additionally, the agency needs to immediately review all user rights and permissions to ensure that access is only granted based on the roles and functions performed by employees within the agency.