- Dell to make a play for Brocade?
- Lawsuit shows HP sees Hurd as primal threat
- iPhone 4 Wi-Fi proves a challenge for university
- Only 5 (all women) of 135 pass Defcon social engineering test
- Google boosts Chrome 6 speed into dead heat with leaders
Updates to a 34-year-old privacy law are needed to better protect personal information held by the U.S. government, some privacy experts said Wednesday.
The 1974 Privacy Act, the main law governing how U.S. agencies should handle private information, hasn't kept up with new technologies and, in some cases, has huge exceptions on its restrictions for sharing personal information, witnesses told the Senate Committee on Homeland Security and Governmental Affairs.
"Technology evolves so rapidly in this day and age, that we will need to be more vigilant in ensuring that the wheels of progress are not inadvertently running over our basic privacy rights," said Senator Susan Collins, a Maine Republican. "We're constantly trying to catch up with the laws and the policies to the technology."
The U.S. government needs to make several improvements in its privacy policies and data collection to avoid data breaches such as a 2006 incident in which a laptop containing the personal information of 26.5 million people was stolen from a U.S. Department of Veterans Affairs employee, or reports of 490 laptops stolen from the U.S. Internal Revenue Service, Collins said.
The U.S. Government Accountability Office (GAO) was due to release two reports on Wednesday, one calling for Congress to establish new privacy rules and a second recommending that the White House Office of Management and Budget (OMB) establish a permanent chief privacy officer who could oversee privacy efforts governmentwide.
Privacy protections are not consistently applied across the U.S. government, and agencies often do not limit their collection of personal data to needed information, said Linda Koontz, GAO's director of information management issues.
"Current laws and guidance impose only modest requirements for describing the purposes for personal information and limiting how it is used," Koontz wrote in one report.
Agencies are not required to be specific in their data-collection public notices, which "could allow for unnecessarily broad ranges of uses, thus calling into question whether meaningful limitations had been imposed," she wrote.
Privacy advocates Ari Schwartz, vice president of the Center for Democracy and Technology, and Peter Swire, an Ohio State University law professor and former chief privacy counselor at OMB in President Bill Clinton's administration, also called for Congress to mandate changes in the way U.S. agencies handle personal data.
The Privacy Act doesn't address new technologies such as data mining, which can have major privacy implications, nor does it envision government agencies contracting with private data brokers, Schwartz said. Current privacy guidance from President George W. Bush's administration is "vague and simply does not provide the agencies the tools they need" to create privacy impact assessments for their use of personal data, he said.
Schwartz and Swire both called on Congress to update the Privacy Act and close loopholes in the law, as well as to create a permanent chief privacy officer at OMB.
Rss FeedRss Feed
The Connected Enterprise
Comment