GAO: Federal Privacy Laws Need Updating to Address Changing Technologies
August 8, 2012 | Risk Management News
Technological advances have rendered some of the provisions of the Privacy Act of 1974 and the E-Government Act of 2002 inadequate to fully protect all personally identifiable information collected, used, and maintained by the federal government, states the U.S. Government Accountability Office (GAO) in a July 31, 2012, report. According to GAO, while these laws and other guidance set the minimum requirements for government agencies, they may not protect personal information in all circumstances in which it is collected and used throughout the government and may not fully adhere to key privacy principles. To address this issue, GAO recommends that Congress consider amending applicable privacy laws so that privacy protections are consistently applied to all federal collection and use of personal information, the use of personally identifiable information is limited to a stated purpose, and effective mechanisms for informing the public about privacy protections are established.