None of five federal agencies using electronic data mining to track terrorists, catch criminals or prevent fraud complied with all rules for gathering citizen information. As a result, they cannot ensure that individual privacy rights are appropriately protected, congressional investigators said Monday.
The agencies’ lapses either “increased the risk that personal information could be improperly exposed or altered” or “limited the ability of the public -- including those individuals whose information was used -- to participate in the management of that personal information,” the Government Accountability Office said.
A study by the GAO, Congress’ investigating arm, sampled five of the dozens of federal agencies that use computerized data analysis: the Agriculture Department, FBI, Internal Revenue Service, Small Business Administration and State Department. It evaluated whether one data mining activity in each agency complied with the Privacy Act, federal information security laws and government directives.
The ranking Democrat on the Senate government management subcommittee, Daniel K. Akaka of Hawaii, who requested the study, said the findings represented “a troubling trend given the number of data mining activities in the federal government that use personal information.”
In May 2004, a GAO survey found that federal agencies were using or planning 199 data mining projects, including 122 that used personal information, including credit reports, credit card transactions, student loan application data, bank account numbers and taxpayer identification numbers.
The GAO found only three of the programs studied had prepared privacy impact assessments of their data programs, and none of those complied with all Office of Management and Budget guidance. The assessments describe how the data would be used and protected.