Koontz to Congress: Revise privacy laws

Congress should consider revising privacy laws to ensure that the sensitive data the government collects and uses is appropriately protected, said Linda Koontz, director of information management issues at the Government Accountability Office.

Current laws and guidance governing the federal government's collection, use and disclosure of personal information have gaps and other shortcomings, Koontz told the Senate Homeland Security and Governmental Affairs Committee today.

Although the Privacy Act, the E-Government Act and guidance from the Office of Management and Budget set minimum privacy requirements for agencies, they might not consistently protect personally identifiable information in all circumstances, she testified.

Those laws and guidance might not limit agencies' collection and use of personal information to specific purposes, and definitions are too narrow, Koontz said. She added that technologies, data use and information sharing have changed dramatically since the Privacy Act was written in 1974.

To comply with the Privacy Act, agencies must notify the public via a notice in the Federal Register whenever they create a system of records that contains personal information. The notice defines the scope of the data to be collected and how it will be used, a GAO report states.

However, the notices don't always provide enough information about the data collected, and they can be difficult for the public to understand, Koontz said.

Only modest limitations exist on sharing personal data among federal agencies, she added, and they increasingly need to share data with state and local agencies and the private sector.

"But there's no onward transfer of provisions that assure privacy travels with the data," Koontz said. "This is a concern. We need stronger protections because we foresee more sharing."

GAO recommended that Congress:
  • Revise the scope of the laws to cover all personally identifiable information collected, used and maintained by the federal government.
  • Set requirements to ensure that the collection and use of personal data is limited to the stated purpose.
  • Establish additional mechanisms for informing the public about privacy protections.

Mary Mosquera writes for Government Computer News and Federal Computer Week, 1105 Government Information Group publications.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.