Among weaknesses cited by GAO and other experts are too narrow a definition of “records” - formulated in the pre-electronic era; overuse of data; weak notice to citizens of how their information will be used; and the lack of a central privacy officer in the federal government. Experts said stronger federal leadership on privacy issues was needed.
“For the individual, loss of privacy can lead to crimes such as identify theft or stalking,” Lieberman said. “The dissemination or misuse of certain private data can also result in other harms such as loss of employment, discrimination, or unwarranted harassment or surveillance. Certainly, it is essential for government to collect and use personal information – for example to provide security, conduct law enforcement, or administer benefits. But we must strive to ensure that we tread carefully when dealing with the personal information of individuals and that we properly balance our many policy goals against potential incursions on privacy.”
Collins said: “For more than three decades, the Privacy Act has governed the sensitive personal information of American citizens that is collected by the Federal government. In the digital age, however, we must be even more vigilant to ensure that rapid technological change does not undermine the privacy rights that Americans treasure. That is why we are taking a hard look at the adequacy of the Privacy Act given the rapid pace of technological change.”
Congress developed a foundation for protecting individual privacy with the landmark Privacy Act of 1974 which sought to prohibit unauthorized disclosure of personal information, ensure the accuracy and relevance of information collected by the government, and provide individuals with access to their information and a means of redress for errors. Six years ago, the E-Government Act of 2002, which Senator Lieberman introduced and guided into law, further required that agencies analyze in advance the potential privacy impacts of new information systems and data collections, and minimize those potential risks.
Yet, as federal agencies rely more and more on data brokers and use greater amounts of personal information for an array of programs - including security-related watch lists and programs to verify citizenship for employment – the privacy risks increase. For instance, data breaches have occurred within the last few years through the theft of laptops, for example, and the posting of Social Security numbers on a public website.
Hearing witnesses included Linda Koontz, director of information management issues at GAO; Hugo Teufel III, the DHS Chief Privacy Officer; Peter Swire, senior fellow at the Center for American Progress specializing in privacy; and Ari Schwartz, Deputy Director of the Center for Democracy and Technology.