Five federal agencies in the US that use data mining techniques to collect information are not fully complying with the privacy and security requirements necessary to protect the individuals affected, according to the Government Accountability Office (GAO).
Its report on data mining, published yesterday, had been requested by Senator Daniel K Akaka, Ranking Member of the Senate Subcommittee on the Oversight of Government Management. Data mining usually means analysing large volumes of data to extract knowledge or to identify patterns or relationships. It is used in both the public and private sectors, but questions have been raised as to whether there are adequate measures in place within federal agencies to protect the personal details of individuals caught in the information sweep. The GAO reviewed data mining efforts at the Internal Revenue Service, the Federal Bureau of Investigation, the Small Business Administration, the Department of Agriculture Risk Management Agency, and the Department of State. These activities use personal information and each obtains data from another agency or a private sector source. The GAO found that while these agencies took many of the key steps to protect personal information, none followed all of the key procedures. Some of the agencies failed to follow the notice requirements in the Privacy Act, others had privacy impact assessments (PIA) that were not in compliance with Office of Management and Budget guidance, and still others failed to meet key information security requirements. “Until agencies fully comply with these requirements,” says the report, “they lack assurance that individual privacy rights are being appropriately protected.” According to Senator Akaka, "the failure of agencies to follow key privacy and security requirements limits the ability of the public to participate in the management of their personal information and risks improper disclosure or alteration of personal data.” "Although GAO found these lapses at the five agencies it reviewed, this is a troubling trend given the number of data mining activities in the federal government that use personal information," he warned. According to an earlier GAO report for Senator Akaka, published in May 2004, federal agencies are using or plan to use 199 data mining activities of which 122 involve the use of personal information. Forty-six of these federal data mining activities involve sharing personal information between agencies and 36 programs use personal information from the private sector. The personal information used in these data mining activities includes credit reports, credit card transactions, student loan application data, bank account numbers, and taxpayer identification numbers. Senator Akaka concluded: "It is imperative that agencies are in compliance with federal privacy and security laws to protect personal information. In light of the high number of data mining activities in the federal government and the use of personal information, we must ensure that the federal government is following the laws set up to protect the privacy rights of all Americans. Having policies and safeguards in place will not work if agencies are not following the law." 
