Skip to main content
Report File
Date Issued
Submitting OIG
Tennessee Valley Authority OIG
Other Participating OIGs
Tennessee Valley Authority OIG
Agencies Reviewed/Investigated
Tennessee Valley Authority
Report Number
2024-17478
Report Description

The Office of the Inspector General performed an audit to determine if the Tennessee Valley Authority (TVA) has designed and implemented privacy requirements in accordance with the Consolidated Appropriations Act, 2005. Our scope was limited to TVA’s privacy program responsibilities as defined in the Consolidated Appropriations Act, 2005. We determined TVA had privacy policies in alignment with the Consolidated Appropriations Act, 2005. In addition, TVA had implemented requirements from the Consolidated Appropriations Act, 2005, such as sustaining privacy protection, assuring compliance with fair information practices, proposals, congressional reporting, protecting, PII, training, compliance with policies, and recording.However, we identified six issues that should be addressed by TVA management to further comply with the requirements of the Consolidated Appropriations Act, 2005, and TVA policy. Specifically, we found:1. Discrepancies between TVA privacy system inventory and the PIA inventory.2. PIAs did not follow TVA policy.3. The privacy continuous monitoring program was outdated.4. Hard copy RPII and a restricted area were not secured.5. The PIA template did not contain all required information.6. Privacy policies were not consistent with applicable legal guidance.TVA management agreed with our recommendations.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
4
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 1 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
4 No $0 $0

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, take steps to ensure hard copy Restricted Personal Identifiable Information is appropriately protected.

Tennessee Valley Authority OIG