GAO: Privacy issues remain in data mining programs

A sampling of data mining programs in several federal agencies has found that implementing privacy and security measures is haphazard, according to a report from the Government Accountability Office.

Of five data mining programs at five different agencies, 'none followed all key procedures' for privacy and security measures, GAO said.

The report, titled 'Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected Efforts, but Significant Compliance Issues Remain,' examined programs at the Small Business Administration, the Agriculture Department's Risk Management Agency, the IRS, the State Department and the FBI.

'Most agencies notified the general public that they were collecting and using personal information and provided opportunities for individuals to review' that information, GAO found, but agencies are also required to tell the public why the information is being gathered.

Only the State Department and the SBA did so; RMA did not give notice consistently, while the IRS and FBI claimed an allowed exemption because the systems are used in law enforcement.

Three of the agencies have prepared privacy impact assessments, but none of the assessments complied with guidance provided by the Office of Management and Budget.

The watchdog agency submitted recommendations for improvement tailored to each agency's needs and requirements. The agencies subject to review generally agreed with the majority of GAO's recommendations. However, the General Services Administration, which provides a database to State, disagreed, claiming the Privacy Act doesn't apply to its system and that it has taken adequate security measures.

'However, in our view, GSA's system is subject to the Privacy Act,' the GAO concluded. 'Additionally, while we acknowledge GSA's efforts to secure its system, it is nonetheless required to comply with the specific requirements of the Federal Information Security Management Act of 2002 ' and related guidance,' GAO said.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected