Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Audit of the Department of Telecommunications and Cable

June 18, 2018 · Department of Telecommunications and Cable · Read the full official report on mass.gov ↗

Published June 18, 2018 Audit covers July 1, 2015 – December 31, 2017 Under Suzanne M. Bump · 2011–2023

In plain English
The audit found that the department handled consumer complaints properly, but some interns with access to personal information did not get required information security training.
source
“Some DTC staff members did not receive required training on personal information.”
Read the plain-English breakdown
What is this?

This is a state performance audit of the Massachusetts Department of Telecommunications and Cable, covering July 1, 2015 through December 31, 2017.

“This report details the audit objectives, scope, methodology, finding, and recommendation for the audit period, July 1, 2015 through December 31, 2017.”
Why was it audited?

Auditors looked at how the department handled consumer complaints and whether staff who worked with those complaints got required information security training.

“In this performance audit, we examined certain aspects of DTC’s administration of its consumer complaint process and determined whether all DTC staff members involved in the administration of consumer complaints attended mandatory information security training as required by the state’s Executive Order 504.”
What's in it for me?

If you file a telecom or cable complaint, this audit is about whether the agency that handles it protects your personal information and manages your complaint process correctly.

“The Consumer Division manages telecommunications and cable complaints for DTC.”
The bottom line

The complaint process passed the audit, but the information-security training requirement did not.

“Does DTC properly administer its consumer complaint process?”
What happens next

The auditor recommended that the department update its rules so every employee, including interns, gets the required training.

“DTC should amend its policies and procedures to ensure that all employees, including student interns, receive the training required by Executive Order 504.”
Jargon, unpacked

Executive Order 504 is the state rule requiring information security training for agency workers, including guidance on how to identify and protect personal information.

“Such training shall include, without limitation, guidance to employees regarding how to identify, maintain and safeguard records and data that contain personal information.”

What the Auditor checked

What the Auditor found

Some Department of Telecommunications and Cable staff members with access to personal information did not receive required information security training.
cybersecuritydata privacyinternal controls

Why it matters: Personal information may be misused because people with access may not understand how to safeguard it or respond to a confidentiality breach.

Standard: Section 6 of the state's Executive Order 504 requires mandatory information security training for agency heads, managers, supervisors, and employees, including contract employees. ( Section 6 of the state’s Executive Order 504 )

1 recommendation
  • DTC should amend its policies and procedures to ensure that all employees, including student interns, receive the training required by Executive Order 504.agency: already implemented
Agency response & Auditor reply
Agency: "We wish to note that prior to the commencement of this audit, DTC began to ensure that all student interns received Executive Order (“EO”) 504 training in two ways."
Auditor: "Although we found that, during our audit period, 11 DTC student interns had not received the mandatory information security training, DTC’s response indicates that it is taking measures to address our concerns in this area."

More audits of this entity

Other Office of the State Auditor reports on Department of Telecommunications and Cable .

See this entity's page with all 3 audits →