Report says agencies must protect privacy when sharing data

Data sharing among federal agencies often creates new information that could reveal a citizen's identity, according to a new General Accounting Office report.

Data sharing among federal agencies often creates new information, which in turn creates a host of new privacy protection issues, according to a new study by the General Accounting Office. Linking personal information about a person from several different sources generates new information, and that new information could reveal the citizen's identity, according to "Record Linkage and Privacy: Issues in Creating New Federal Research and Statistical Information" (GAO-01-126SP). By law, agencies can share citizens' personal data, including names, birth dates and Social Security information, to avoid overpayments and other errors when processing benefits. But the 1974 Privacy Act and the 1988 Computer Matching and Privacy Protection Act restrict agencies' power to share citizens' personal information.

Under the 1988 law, agencies must enter into information-sharing agreements designed to protect citizens' privacy. Agency data integrity boards review the agreements, and agencies must publish their intent to disclose public information in the Federal Register. Shared information is often used in health research, to measure government performance and to evaluate social programs. Some federal agencies, such as the Census Bureau and the National Center for Health Statistics, are charged with gathering personal information and producing statistics based on their findings.

The Social Security Administration and the IRS frequently share tax information because the two agencies are responsible for administering programs that are connected to one another: Social Security tax collection. According to the study, data sharing has thrived because innovations in technology have allowed for the large-scale maintenance of records. Greater awareness of the benefits of linking information and the Paperwork Reduction Act of 1998, which ordered the federal government to put all its services and transactions online by 2003, were also factors in increased data sharing. But sharing citizens' personal information among federal agencies raises privacy questions, such as whether the parties have consent to share the information, whether the information swapped should be shared with other organizations and the possibility that the information shared may reveal citizens' identities, GAO found. Agencies such as the Social Security Administration and the IRS are increasing the ways they share citizens' personal information, according to a recent survey of data sharing among federal agencies conducted by Privacilla.org, a public policy Web site advocating privacy. While GAO does not discourage data sharing, it did offer some recommendations for protecting privacy, including asking respondents for consent, adding random information to the shared data and using a third party to link the information. GAO also suggested that agencies put in place ways to ensure accountability for the information. "Maintaining and improving privacy protections is key to achieving the public's cooperation in providing accurate records and participating in surveys and studies," GAO said.