An Inspector General report has found that a federal agency failed to establish privacy safeguards for sensitive drone communications. Customs and Border Control did not complete a privacy threshold analysis and sidestepped review by the agency privacy office. According to the IG report, the CBP also collected and stored surveillance data that "remained unprotected for more than 2 years." Through a Freedom of Information Act lawsuit, EPIC obtained a related CBP directive on Unmanned Aircraft System Operations and Privacy. In a recent statement to Congress, EPIC highlighted the unique threat drones pose to privacy and said that the Congress should "establish drone privacy safeguards that limit the risk of public surveillance" before granting new authority to federal agencies.