Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information

Source: Government Accountability Office, GAO-08-536, May 2008

The centerpiece of the federal government’s legal framework for privacy protection, the Privacy Act of 1974, provides safeguards for information maintained by federal agencies. In addition, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for systems or collections containing personal information.

Increasingly sophisticated ways of obtaining and using personally identifiable information have raised concerns about the adequacy of the legal framework for privacy protection. Although the Privacy Act, the E-Government Act, and related guidance from the Office of Management and Budget set minimum privacy requirements for agencies, they may not consistently protect personally identifiable information in all circumstances of its collection and use throughout the federal government and may not fully adhere to key privacy principles. Based on discussions with privacy experts and agency officials and on analysis of laws and related guidance, GAO identified issues in three major areas:

Applying privacy protections consistently to all federal collection and use of personal information.
Ensuring that collection and use of personally identifiable information is limited to a stated purpose.
Establishing effective mechanisms for informing the public about privacy protections.

Related:
Privacy: Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information, GAO-08-795, June 18, 2008

Privacy: Agencies Should Ensure That Designated Senior Officials Have Oversight of Key Functions, GAO-08-603, May 30, 2008

Center for Democracy and Technology (CDT) Urges Congress to Move This Year to Update Federal Privacy Legislation
Testimony before Senate Government Affairs Committee
