Sampling Finds Federal Data Mining Fails To Assure Privacy Protections
The Government Accountability Office (GAO) held a study of five federal agencies that employ data mining, and issued a report on Aug. 29 concluding that none of the agencies fully comply with the Privacy Act, federal information security statutes, or government directives concerning the collection of information on citizens. Consequently, the agencies offer no guarantees that individual privacy rights are properly safeguarded. The GAO investigated an Agriculture Department Risk Management Agency initiative to detect fraud in federal crop insurance; a State Department-General Services Administration effort to monitor employees’ use of government charge cards; the IRS Reveal System to spot terrorist activity, financial crimes, and fraud; the FBI Foreign Terrorist Tracking Task Force’s attempts to locate terrorists in the country; and the Small Business Administration’s (SBA) use of its risk measurement/management system in two loan programs. The office discovered that only three agencies had prepared privacy impact assessments of their data programs, none of which were fully compliant with Office of Management and Budget (OMB) guidelines. The report found evidence indicating that all five agencies had made some progress toward security, but none had adhered to all federal and OMB privacy regulations. State had failed to perform a risk assessment to ascertain vulnerabilities and develop countermeasures; FBI and Agriculture did not test contingency plans; SBA and Agriculture did not fully document their incident response capabilities; and the IRS system was still being tested.
Abstracted by the National Law Enforcement and Corrections Technology Center(NLECTC) from the Associated Press (08/30/05); Sniffen, Michael J. .