AUGUSTA – All four members of Maine’s congressional delegation are upset with the results of a recent report showing that personal information about law-abiding citizens is being gathered and improperly handled by private services hired by government agencies.
Such information services have been increasingly hired by federal agencies to assist with criminal and homeland security issues, but a Government Accountability Office report issued this month reveals that the use of the services lacks oversight and that federal privacy laws are routinely being broken.
“I am very concerned by the GAO’s findings,” Sen. Susan Collins said. “The federal government, largely for legitimate purposes, law enforcement and counterterrorism, [is] tapping into private databases that include a tremendous amount of data on American citizens. The problem is that much of that is out of date or inaccurate.”
The GAO reported that four federal agencies, including the Justice Department and the Department of Homeland Security, spent about $30 million last year to access information collected and maintained by private companies. The data included individuals’ addresses, past addresses, family members, buying habits, personal finances, and listed and unlisted phone numbers.
Collins said she is most concerned that the GAO report indicates the private firms are not following the Privacy Act of 1974, which limits the collection and use of information about law-abiding citizens.
“That’s why I pushed for creation of the Privacy Board when we created the Department [of Homeland Security] so that there would be oversight of what data is being collected and how it is being used,” Collins said.
But she acknowledged that President Bush does not share her view of the need for an “aggressive” oversight board and has neither provided adequate funds to operate the board nor nominated its members.
“It has been a battle to get the board operating,” she said,” but I think some of the issues raised in the GAO report could be addressed by the Privacy Board.”
The GAO said in its 83-page report that federal agencies are not requiring the private contractors to follow the same rules the agencies must follow under the Privacy Act. The companies are not required to notify members of the public when information about them is being collected, nor do they allow individuals access to records about themselves, and they generally do not have provisions for correcting mistakes, the study concluded.
“Resellers make it their business to collect as much personal information as possible,” the study concluded. “The nature of the information reseller business is essentially at odds with the principles of the Act.”
Rep. Michael Michaud said he was “surprised” when he saw the GAO report and concerned at the apparent lack of oversight by federal agencies despite federal laws that seek to protect the privacy of individuals.
“These files involve sensitive, private information,” he said. “I was concerned to see that the GAO said there are not adequate safeguards to prevent this information from getting in the hands of some fraud artists.”
The GAO investigation was prompted by the security breaches at two large companies – ChoicePoint Inc. and LexisNexis – in which files containing sensitive information involving almost 200,000 people were sold to scam artists.
Michaud said if current laws do not provide adequate protection, the House Judiciary Committee should draft stronger legislation. The panel held hearings on the GAO report earlier this month.
“There are too many outstanding questions over how safely information brokers collect and disseminate personal information,” Sen. Olympia Snowe said. “I believe that Congress must examine ways to ensure that these private firms are in full compliance with the federal Privacy Act.”
She said the security breaches highlighted in the GAO report have raised fears that sensitive and private information in the hands of the federal government is not being handled properly by agencies.
“I also believe that OMB [the Office of Management and Budget] must do more to clarify how all the agencies of the federal government apply these necessary privacy requirements and how they use this reseller information,” Snowe said. “We must do a cross-agency review of their privacy practices to ensure that they are consistent across the board.”
Rep. Tom Allen said he is convinced the problem stems from the trend in the federal government to outsource a growing number of activities. He said the study indicates federal agencies are not holding contractors to the standards required by federal law.
“We are outsourcing too much intelligence gathering to outside agencies,” he said. “Federal agencies need to hold these outside companies to the same standards that the law requires of them.”
As for Collins’ criticism of Bush for not implementing the Privacy Board, Allen said while he shares the concern, it is clearly in keeping with the Bush administration’s policies.
“I wish I could say I am shocked and surprised,” he said, “but I am not. This seems to be part of a pattern.”
Allen and Michaud, both Democrats, said Congress should move to strengthen existing laws to make sure individual privacy is protected, but acknowledged they are in the minority in the House and can do little to affect what issues are considered this year.
“We don’t set the agenda,” Michaud said. “But I think there are Republicans in the House that are worried as much as I am about this.”
Collins said she may hold hearings before the Homeland Security and Government Operations Committee on the GAO report and said she will urge other committees that share jurisdiction to also consider hearings and legislation.
Comments
comments for this post are closed