GAO: Agencies, resellers must heed privacy rules

Several federal departments?notably Homeland Security and Justice?regularly buy access to personal information databases that do not comply with federal rules for protecting privacy, according to a new report from the Government Accountability Office.

The federal government spends about $30 million a year on contracts with data resellers that compile huge databases of personal information including names, phone numbers, addresses, Social Security numbers, financial records, assets and relatives' names.

About 91 percent of the federal purchases of such data in 2005 were for law enforcement and counterterrorism, primarily by the Justice and Homeland Security departments. The data was used for criminal investigations, locating witnesses, fraud detection and border screenings.

However, the resellers that sell the information to the government do not comply consistently with Fair Information Practices, the GAO said. As for the handling of that information, the agencies complied with privacy rules in half the cases examined, and did not comply in the other half.

Lack of guidelines on how to apply the privacy rules is also a problem.

"Contributing to the uneven application of the Fair Information Practices are ambiguities in guidance from the Office of Management and Budget regarding the applicability of privacy requirements to federal agency uses of reseller information," the GAO said. "In addition, agencies generally lack policies that specifically address those issues."

The federal agencies "lack robust audit mechanisms to ensure that use of personal information from information resellers is for permissible purposes," the report said.