Government’s work with data brokers prompts privacy concerns

The federal government's increasing reliance on personal data from information resellers has sparked questions about whether sufficient privacy protections are in place.

With the spate of thefts of or unauthorized access to personal information, there are "questions with regard to the federal government's reliance on and contributions to the use of personal information," House Judiciary Constitution Subcommittee Chairman Steve Chabot, R-Ohio, said on Tuesday at a joint hearing with another Judiciary panel.

The government uses information services for data related to enforcing child-support orders, screening potential employees, helping law enforcers locate missing children, and tracking laundered money, according to Stuart Pratt, president and CEO of the Consumer Data Industry Association. In 2004, some 5.5 million location services were conducted to enforce child support.

To better understand what information is being collected, Chabot and his panel's ranking Democrat, Jerrod Nadler of New York, last year told the Government Accountability Office to report on how federal agencies amass data and whether information brokers comply with privacy and security practices.

Linda Koontz, the director of information management issues at the GAO, reported the findings at the hearing. The report, which reviewed the Homeland Security, Justice and State departments and the Social Security Administration, found that some $30 million was spent on contracts with information brokers in fiscal 2005.

The privacy and security measures of major resellers that do business with the federal government are "not fully consistent with fair-information practices," Koontz said. GAO found that some resellers do not adhere to those practices because "they do not obtain their information directly from individuals."

Furthermore, GAO found that agency privacy practices are unevenly applied. Koontz said while agencies issued public notices about data collection, they did not indicate relationships with information resellers. In addition to such "ambiguities," she said the agencies "lack policies" that address the use of reseller data or ensure the accountability of personal information.

Homeland Security Chief Privacy Officer Maureen Cooney said the department's use of personal information must be "transparent and appropriate." Her office conducts privacy impact assessments, which she says help address privacy questions in the overall development and deployment of technology systems.

Privacy assessments address the risks of collecting and disseminating information in electronic form. They also evaluate protections, as well as alternative processes for handling the information in an effort to mitigate risks. Cooney said the department is implementing those assessments in national security systems that include personal information.

Koontz recommended that similar general guidelines be implemented across agencies.

Homeland Security's privacy office also is drafting guidance on the use of commercial data in government systems, and for comparing commercial and government data.

But the accuracy of that data is a "crucial basis" for the use of information, said Peter Swire, an Ohio State University law professor. "Because of the unique importance to individuals of government decisions, it is especially important to have accurate data," he said.