A few days after The Atlanta Journal-Constitution reported on an internal audit that raised questions about how DeKalb’s government manages the sensitive personal information of employees and members of the public, officials are touting the county’s cybersecurity prowess.
The county issued a press release Monday about an annual survey conducted by the Center for Digital Government and the National Association of Counties ranking DeKalb’s innovation and technology department the second-best in the country. It marked the fifth straight year DeKalb had been recognized in the top 10 among counties with a population greater than 500,000 and less than 1 million.
Officials said the county’s IT department was honored for the innovative use of technology, including enhanced cybersecurity efforts.
“The DeKalb County Department of Innovation and Technology, under the leadership of John Matelski, diligently protects the county from countless cyber threats each year,” DeKalb CEO Michael Thurmond said in the news release. “This award recognizes that cyber security is a top priority of DeKalb’s information technology experts.”
The recognition was originally announced in July, but DeKalb officials highlighted it again several days after the AJC and Channel 2 Action News reported on an internal audit regarding how it handles “personally identifiable information” like Social Security numbers and banking information.
The audit was heavily redacted when posted on the county website — raising additional questions about transparency and public accountability — but the AJC later obtained unredacted text from the report.
The audit found that most county departments collect personal information from employees and residents yet had inconsistent, or even non-existent, policies for handling and securing the data. Among other things, the audit recommended that the county hire a manager dedicated to the protection of such information and better train employees on how to handle it.
The county administration agreed to act on suggestions by the first quarter of 2022, and Thurmond said some changes had already been adopted.
At the same time, officials were adamant that no employee or customer’s personal information had been compromised. In an email sent Monday, Thurmond said the audit “did not test system vulnerability.”
“It focused only on policies and procedures,” he wrote. “More importantly, it pre-dates our most recent award.”
While the audit was released only recently, it examined a period between July 2019 and January 2020.
Officials said the county has adopted several technological upgrades in the last year, including the establishment of “a 24/7 virtual security operations center” and an expanded cybersecurity education program.
Two other metro Atlanta counties were also recognized by the Center for Digital Government and the National Association of Counties. Gwinnett and Cobb counties ranked eighth and 10th in the nation, respectively.
