Federal agencies are not obeying privacy laws regarding the data mining of personal information, and indeed most agencies do not understand the privacy implications of data mining activities, the General Accounting Office charged in a report (PDF) released today.
According to Federal Computer Week, GAO auditors found that “while the agencies responsible for these five efforts took many of the key steps required by federal law and executive branch guidance for the protection of personal information, none followed all key procedures.”
Part of the problem is that agency officials themselves do not fully comprehend the privacy repercussions of data mining. Federal law requires agencies to conduct privacy impact assessments before collecting data containing personal information. The five agencies reviewed did not perform acceptable privacy impact assessments, according to the report.
“None of the agencies we reviewed conducted a complete privacy impact assessment,” the report states. “In addition, none of the privacy impact assessments adequately addressed the choices that agencies made regarding privacy in their data mining efforts. As a result, the basis for their choices regarding tradeoffs between privacy protections and operational needs is unclear. Better analyses of such choices could help agencies strike the appropriate balance between operational needs and individuals’ rights to privacy.”