GAO: Government Can Do More to Protect Personal Data

Reports recommend consistent safeguards for all uses of information

By Martin H. Bosworth
ConsumerAffairs.Com

June 19, 2008

• RFID Eyed as Anti-Shoplifting Tool
• Internet Providers Admit to Monitoring Customers' Web Surfing
• Big Brother Hitching A Ride in California?
• GAO: Government Can Do More to Protect Personal Data
• US Search Agrees to Stop Selling Private Credit Data
• TSA Site Left Passenger Data Exposed To ID Theft
• Connecticut Governor Wants 'Opt Out' For Online Directories
• Verizon Gave Customer Data To Government Without Court Orders
• House Democrats Probe Warrantless Surveillance
---
• More Privacy News ...

A wide variety of government agencies collect personally identifiable information such as names, dates of birth, and Social Security numbers for an equally wide range of purposes -- and as new reports from the Government Accountability Office (GAO) indicate, agencies are often inconsistent in ensuring that the information they collect is safe from misuse, and existing privacy laws do not sufficiently account for changes in technology that enable easy access to information.

The GAO published several reports on June 18, assembled for several months prior, dealing with the topic of how government agencies gather records of personal information, and how the laws that govern privacy are administered across the government.

The agency's investigation found that the "framework of legal mechanisms for protecting personal privacy that has been developed over the years may no longer be sufficient, given current practices."

"Although the Privacy Act, the E-Government Act, and related guidance from the Office of Management and Budget (OMB) set minimum privacy requirements for agencies, they may not consistently protect personally identifiable information in all circumstances of its collection and use throughout the federal government and may not fully adhere to key privacy principles," the agency said.

Linda Koontz, the agency's director of information technology, presented the findings in testimony before the Senate's Homeland Security and Governmental Affairs Committee.

Among the GAO's findings:

• The 1974 Privacy Act defines protected personal information as a "system of records" retrieved by a unique identifier, such as a name or Social Security number. The current definition enables many agencies to sidestep the Privacy Act and collect data without protections if they do not use unique identifiers to retrieve the information. The GAO recommended revising the Privacy Act to cover all information gathered by the federal government, regardless of its organization.

• Disclosures that personal information is being collected by a government agency require the data to be collected for a specific purpose, but as the GAO noted, the disclosures are often broadly written and vaguely phrased, enabling much broader use of the data than originally intended. The GAO recommended crafting disclosures to ensure any personal data would be collected only for a specific purpose, and that agencies which share the data get agreements in writing on how it is to be used.

• Notices that the government is collecting personal data are published in the Federal Register, the government's official catalogue of public records, but the GAO felt that the Register was not accessible enough to the general public to qualify as a broad disclosure of data collection. The GAO recommended centralizing all disclosures of data collection on an easily searchable Web site, such as "www.privacy.gov," and at corresponding pages on agency Web sites, such as "www.agency.gov/privacy."

Committee chairman Joe Lieberman (I-CT) said that Congress supported reforming the government's privacy practices, though he debated the practicality of passing smaller reforms in the current Congress versus waiting to make larger changes in the next.

"It is essential for the government to collect and use personal information," Lieberman said. "[The government] must properly balance our many policy goals against potential incursions on privacy."

Ongoing struggle

The GAO has long been an advocate of stronger privacy standards for collecting personal information, and has regularly criticized agencies that are lax in protecting the data they collect. In 2005, the GAO found that multiple government agencies flunked privacy tests by not performing all of the required steps necessary to ensure that data was secured.

The agency exposed security weaknesses in the Internal Revenue Service's (IRS) collection of taxpayer data in 2006, such as not providing proper training for employees or oversight for third-party contractors who had access to the information. In a follow-up report in 2007, the GAO noted that the IRS was making progress, but significant vulnerabilities remained.

The Department of Health and Human Services (HHS) came under scrutiny by the GAO in 2007 for its issuing of contracts to third-party companies to develop technologies for sharing medical records, without first implementing privacy practices.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share		Follow us on Twitter.

FREE CONSUMER NEWSLETTERS
The Daily Consumer Afternoons M-F Sign up now!	Consumer News & Alerts Every Sunday Sign up now!

CONSUMER NEWS

ConsumerAffairs.com on Facebook

SAFETY RECALLS

MOST-VIEWED PAGES

NEW COMPLAINTS

Allied American Warranty
Battery Doctors
Dollar Tree
Robert Zitofsky, DDS, West Haverstraw, NY
Country Lane Pups, Purdy, MO
Bayport Credit Union
Valley View Bank, Overland Park, KS
Victory Nissan, Chesapeake, VA
Victory Nissan, Richmond, VA
Napleton Chrysler Jeep Dodge, Kissimmee, FL

Back to the top |

Custom Search

AUTOMOTIVE
• Dealers
• Manufacturers
• Service
• Extended Warranties
• Lemon Laws
• Recalls
• Tires
• Transporters

FAMILY
• Aging
• Children, Parenting
• Recalls
• Dating
• Education
• Entertainment
• Pets
• Weddings

FINANCE
• Annuities
• Banks
• Credit Cards
• Debt Collection
• Debt Counseling
• Insurance
• Investing
• Loans
• Mortgages
• Payday Loans
• Student Loans
• Tax Prep

HEALTH
• Doctors
• Drugs, Pharmacies
• Health Clubs
• Hearing Care
• Hospitals
• Nursing Homes
• Nutrition, Diets
• Vision Care
• Weight Loss

HOUSE & HOME
• Appliances
• Cookware
• Furniture
• Home Improvements
• Lawn & Garden
• Movers
• Pools & Spas
• Realtors, Rental Agents
• Recalls
• Utilities

ELECTRONICS
• Cable TV/DBS
• Cameras
• Cell Phones
• Computers
• Home Electronics
• Internet Access
• Local Phone Service
• Long Distance
• VoIP

SHOPPING
• In-Home
• Online
• Retail Stores
• Sporting Goods
• Supermarkets
• Telemarketers

TRAVEL
• Airlines
• Bus Lines
• Car Rental
• Cruises
• Hotels
• Travel Agents
• Trains

RESOURCES
• Class Actions
• Complaint Form
• Small Claims Guide
• Lemon Laws

CONSUMER NEWS
• Latest News
• Automotive
• Telecom
• Financial
• Health
• Homeowners
• Scams
• Seniors
• Travel
• More ...

RECALLS
• Automotive
• Children's Products
• Drugs
• Food
• Household Products
• Sporting Goods

ABOUT US
• FAQ
• Privacy Policy
• Advertise With Us
• Newsroom
• Syndication
• Terms of Use

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.