Grammy Winners Hogwarts Legacy Review 'Last of Us' Episode 5 Coming Early Frozen Yogurt Day Freebies Super Bowl Ads Super Bowl: How to Watch Popular Tax Deduction Wordle Hints for Feb. 6
Want CNET to notify you of price drops and the latest stories?
No, thank you

GAO: Security agency broke privacy laws

The TSA broke the law by failing to report why it collected data on nearly 250,000 airline passengers, the agency says.

The violated federal privacy law by failing to report exactly how and why it has collected personal data on nearly 250,000 airline passengers since last fall, according to a Government Accountability Office letter to Congress released Friday. Under the 1974 Privacy Act, federal agencies must post public notices outlining precisely how citizens' personal information is "collected, maintained, used and disseminated," the report said. The TSA twice delivered inaccurate and incomplete notices in fall 2004, the GAO concluded, when the agency began testing a new passenger prescreening program, known as Secure Flight, which would compare commercial airline reservation data against government "watch lists."

In response to the GAO findings, the TSA last month posted an updated notice intended to clarify its purpose. "However, that action does not excuse TSA's failure to meet basic Privacy Act requirements in carrying out this program," wrote Sen. Susan Collins, R-Maine, and Sen. Joseph Lieberman, D-Conn., in a letter to Department of Homeland Security Secretary Michael Chertoff.