Complain about a product or service

Government Agencies Flunk Privacy Tests

By Martin H. Bosworth
ConsumerAffairs.com

September 8, 2005
As the federal government struggles to respond effectively to Hurricane Katrina, concerns regarding governmental collection of individual Americans' data has prompted criticism from a government watchdog agency.

Identity Theft • Consumers Cautioned About Voter Registration Scams • Young Adults Seen As Prime Identity Theft Targets • Researchers Find Security Flaws In Online Banking Sites • 'Red Flags Rules' for Identity Theft on the Way • Identity Theft: One Woman's Story • Xbox or PC Stolen? Don't Forget to Cancel Your Credit Cards • Identity Theft a Growth Industry in Texas Border Towns • FTC Warns Consumers About Tax Rebate Scams • Big Banks, Telcos Top Identity Theft List • Identity Theft Tops FTC Complaint List Again • Study Claims Identity Theft 'Continues To Decline' • 650,000 Retail Customers Exposed In Data Breach • Children Becoming Prime Identity Theft Targets • FTC Finds 8 Million Identity Theft Cases • New Jersey Wants Banks to Help Fight Phishing Scams --- • More ...

A Government Accountability Office (GAO) report on several key agencies -- including the Internal Revenue Service (IRS), the Small Business Admnistration (SBA), the State Department, and the Federal Bureau of Investigations (FBI) -- has found that while each took some precautions in gathering individual data records, none fulfilled all of the necessary regulations to ensure that individuals' records would remain private.

"Agencies that do not take all the steps required to protect the privacy of personal information limit the ability of individuals to participate in decisions that affect them, as required by law, and risk the improper exposure or alteration of their personal information," according to the report.

The 82-page report, commissioned by Senator Daniel Akaka (D-HI), in his capacity as ranking minority member of Homeland Security and Government Affairs Subcommittee on Oversight of Government Management, states that though the agencies notified individuals that their information was being utilized, only one of the five provided proper notification as to why the information was being collected.

Both the FBI and IRS claimed exemptions from the notification for "law enforcement purposes."

Both agencies claimed to be working on waivers to allow individuals to inquire as to why their records were being collected, as "in cases where disclosure would not endanger ongoing investigations or reveal investigative methods."

The IRS' "Reveal" system, used to detect "financial crimes, fraud and terrorist activity," was launched in February 2005, and is still being tested. The "Reveal" system uses a great deal of personal information from government records, including addresses and Social Security numbers. The data is warehoused locally, rather than centrally.

The FBI was mandated to conduct privacy assessments of its information-collecting techniques, but delayed the assessments due to "due to competing priorities for its operational support team," according to the report. The FBI did not set a target date for completing the assessments.

Two of the agencies involved in the study -- the State Department and the SBA -- allowed individuals to review the systems by which their data was collected.

The State Department's usage of the Citibank Custom Reporting System for managing its employees' credit card transactions was analyzed in the GAO report.

The GAO recommended that the State Department perform a full series of assessments on the Citibank program to ensure compliance with Office of Management and Budget (OMB) regulations.

Although the OMB does not formally require privacy assessments for internal government programs, the office nonetheless encouraged compliance when data on individual government employees is collected in "an identifiable form."

The report chided the State Department for not providing notice to its employees that their information was being aggregated.

"Without adequate notice of this information collection effort, the ability of State employees and the public to participate in decisions about the collection and use of personal information…is limited."

State Department officials claimed they were unaware such a notice was required, but would provide one in the future.

The SBA's "Lender/Loan Monitoring System," designed by business information sellers Dun & Bradstreet, evaluates "predefined patterns" in lending histories and a business' total number of outstanding loans. The monitoring system uses multiple data sources from commercial vendors, and the GAO recommended that the SBA conduct a privacy assessment and publish the results for public review.

Dun & Bradstreet has positioned itself at the forefront of data-mining techniques, currently claiming database records of 64 million businesses worldwide. The company's unique "DUNS" numbers are utilized to identify U.S. businesses in government transactions, and the SBA relied on data provided by the company to run its system.

A 1995 report from the company on data-mining indicates its willingness to "cross-market" data collecting techniques in order to sell to different business areas.

"D&B is in a unique position to take the lead in delivering the benefits of data mining technology to customers," stated its report. "The company has a wealth of data unrivaled in its breadth and depth, and the understanding of the relevant markets that is necessary to bring this technology to customers successfully."

Government control of individuals' data is regulated by the 1974 Privacy Act, which mandates that individuals have the right to view any personal data collected, and to "seek amendment of agency records maintained on them upon a showing that the records are not accurate, relevant, timely, or complete."

The government often relies on private data brokers such as Dun & Bradstreet and ChoicePoint to provide it with database records, as private companies are not restricted in collecting and reselling individuals' data.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |