
Feds fail to protect privacy rights, auditors report

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

Government agencies that use private-sector databases to pull up information on American citizens without their knowledge often do it in violation of privacy regulations, a major new federal report has found.

The Government Accountability Office reviewed federal use of "information resellers" such as ChoicePoint and LexisNexis and found that 91 percent of spending from major federal agencies was for law enforcement or terrorism-related investigations.

Of eight examples of agency use the GAO gave, fully half did not abide by federal fair information rules. Those include principles such as data quality, use for limited purposes, security safeguards, and accountability.

Here are excerpts from the 93-page report released Tuesday:

"According to Justice (Department) contract documentation, access to up-to-date and comprehensive public record information is a critical ongoing mission requirement, and the department relies on a wide variety of information resellers -- including ChoicePoint, Dun & Bradstreet, LexisNexis, and West -- to meet that need... The FBI is Justice's largest user of information resellers, with about $11 million in contracts in fiscal year 2005.

"Although the information resellers that do business with the federal agencies we reviewed have practices in place to protect privacy, these measures were not fully consistent with the Fair Information Practices...

"According to the individual participation principle, individuals should have the right to know about the collection of personal information, to access that information, to request correction, and to challenge the denial of those rights. Information resellers generally allow individuals access to their personal information. However, this access is limited, as is the opportunity to make corrections...

"(White House) privacy guidance does not clearly address information reseller data, which has become such a valuable and useful tool for agencies. As a result, agencies are left largely on their own to determine how to satisfy legal requirements and protect privacy when acquiring and using reseller data. Without current and specific guidance, the government risks continued uneven adherence to important, well-established privacy principles and lacks assurance that the privacy rights of individuals are adequately protected."