GAO: Privacy issues remain in data mining programs
- By Patience Wait
- Aug 30, 2005
A sampling of data mining programs in several federal agencies has found that implementing privacy and security measures is haphazard, according to a report from the Government Accountability Office.
Of five data mining programs at five different agencies, 'none followed all key procedures' for privacy and security measures, GAO said.
, titled 'Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected Efforts, but Significant Compliance Issues Remain,' examined programs at the Small Business Administration, the Agriculture Department's Risk Management Agency, the IRS, the State Department and the FBI.
'Most agencies notified the general public that they were collecting and using personal information and provided opportunities for individuals to review' that information, GAO found, but agencies are also required to tell the public why the information is being gathered.
Only the State Department and the SBA did so; RMA did not give notice consistently, while the IRS and FBI claimed an allowed exemption because the systems are used in law enforcement.
Three of the agencies have prepared privacy impact assessments, but none of the assessments complied with guidance provided by the Office of Management and Budget.
The watchdog agency submitted recommendations for improvement tailored to each agency's needs and requirements. The agencies subject to review generally agreed with the majority of GAO's recommendations. However, the General Services Administration, which provides a database to State, disagreed, claiming the Privacy Act doesn't apply to its system and that it has taken adequate security measures.
'However, in our view, GSA's system is subject to the Privacy Act,' the GAO concluded. 'Additionally, while we acknowledge GSA's efforts to secure its system, it is nonetheless required to comply with the specific requirements of the Federal Information Security Management Act of 2002 ' and related guidance,' GAO said.