The federal government collects large amounts of PII from the public, including taxpayer data, Social Security information, and patient health information. It is critical that federal agencies ensure that this information is adequately protected from data breaches, and that they respond swiftly and appropriately when breaches occur. Since 1997, the GAO has designated information security as a government-wide, high-risk area. Further, data breaches at federal agencies have raised concerns about the protection of PII. Federal laws and other guidance specify the responsibilities of agencies in securing their information and information systems and in responding to data breaches.