Many agencies that used data from commercial data resellers for agency systems in fiscal 2006 did not perform privacy impact assessments on those systems as required by the e-Government Act and the Privacy Act, the Government Accountability Office has said in calling on agencies to be mindful of privacy protections in the face of mounting difficulties posed by IT and the increasing use of data mining.
GAO also said that in public notices on these systems, agencies did not always reveal that information resellers were among the sources to be used.
It called on chief privacy officers to work with Office of Management and Budget officials to identify ambiguities and provide clarifications about the applicability of privacy provisions, such as in situations involving the use of reseller information — and it called on senior officials to increase agency awareness and raise the priority of privacy issues.
Advances in IT also pose challenges in protecting privacy, according to GAO-06-777T.
It said for example that the use of data mining has expanded from detecting financial fraud and abuse to detecting terrorist threats.
However, in 2005 GAO found that agencies using data mining do not follow all the key procedures.
This is also the case regarding the use of radio frequency identification — wireless data transmission from tiny chips embedded in objects as small as ID cards — and federal agencies have proposed using the technology to physical access controls and tracking assets, documents, or materials, GAO said.
It said the use of RFIDs by the federal government to track the movement of individuals traveling within the United States raises privacy concerns, and that agency privacy offices can serve as a key mechanism for ensuring that privacy is fully addressed in agency approaches to new technologies.