Our audit revealed that the City does not have a comprehensive City wide strategy for safeguarding PII that is gathered by several City agencies. We found evidence of unsecured network folders and hard copy records containing thousands of pieces of PII. We believe that this breakdown in internal controls occurred due to outdated policies and inconsistent practices for safeguarding PII. Through stronger policies, guidance, communication,and training,the City will have the necessary controls in place to safeguard PII, thereby preventing opportunities for identity theft and reducing the City’s exposure to reputational damage or costly litigation