Federal data collection and use is illegal.
This article explains why.
article The first issue is that the Privacy Act of 1974 (PA) provides for a wide range of lawful data collection methods.
For example, the Privacy Protection Act (PPA) provides that the collection and sharing of information about individuals “is authorized by law” and provides that such information must be used only for the purpose of “protecting, promoting, preserving, or enforcing the rights of persons.”1 In addition, Section 7 of the PPA provides that “no person shall … knowingly collect, use, retain, or disclose any personal data without the written consent of such person.”2 The Privacy Act also allows the collection of “information in the ordinary course of the activities of a person.”3 Finally, Section 6(b) of the PPA provides that information may be used for “the protection, promotion, preservation, or enforcement of the rights or interests of any person.”4 The PPA and the Privacy and Civil Liberties Oversight Board (PCOLB) have been issuing guidance for federal agencies and other government agencies on how to collect, share, and use personal data since 1996.
The PCOLB issued its final guidance in 2014.
The PPA has since been amended several times.
The Privacy and Protection Act of 1994 (PPA) is one of the most recent of the law’s revisions.5 In 2006, Congress passed the Privacy Enhancement Act, which was designed to expand privacy protections.
The law requires the Attorney General and the Office of Personnel Management to develop guidelines for government agencies to implement and implement in a way that “promotes the goals of the [Privacy and Protection] Act.”
The new Privacy Act includes a provision requiring agencies to develop privacy standards that are consistent with the law and with the Privacy Standards and Guidelines for Government Information Systems.6 The new privacy standards and guidelines are based on the National Privacy Principles of 2004 (NPPC) that were published by the Government Accountability Office in June 2005.
The NPPC is a set of standards for government information systems.
NPPC includes five overarching principles.
The five principles are: (1) the Government should maintain a public trust; (2) the use of government information should be limited to legitimate purposes; (3) the protection of privacy should be a fundamental and compelling interest; (4) the public should have access to information and to a fair process of adjudication; and (5) the data should be used in a manner that is transparent and effective.7 NPPC was drafted as a result of the Privacy Impact Assessment (PIA) conducted by the Office for Civil Rights, the Office’s Office of Information and Regulatory Affairs, and the Federal Trade Commission.8 Under the NPPC, agencies must establish privacy standards for information systems that they use and collect, including those that are used for the protection, advancement, or advancement of the public interest.9 Under the new Privacy Standards, the Department of Justice (DOJ) will be responsible for developing the Privacy Guidelines.
The DOJ also plans to develop a set for government employees, which will include a privacy standard for information technology.10 The DOJ plans to publish the new guidelines in early 2015, which means that they will likely be available to all agencies in early April.11 As of March 2014, the DOJ had collected 1.7 million pieces of personal information for federal law enforcement and intelligence agencies.12 The DOJ released the guidelines for agencies to use on May 1, 2015, the day after the DOJ published the first version of the guidelines.13 However, there are many agencies that have not adopted the guidelines, including the IRS, the FDA, the VA, and several other government organizations.14 In January 2017, a federal appeals court upheld the DOJ’s decision to release the DOJ guidelines.15 The DOJ was initially unable to comply with the court order because the DOJ was not allowed to release them until after it had filed a lawsuit against the IRS and the VA.16 The DOJ’s position on the release of the DOJ Guidelines is based on a variety of factors, including: the DOJ believes that the release would advance its interests; the DOJ has a strong interest in promoting the public’s trust in its agencies; the release is consistent with federal privacy law; and the DOJ does not believe that releasing the DOJ Standards would result in any substantive harm to the public.17 The DOJ is a member of the PCOL, which has a jurisdiction over the federal government.18 The PCO and the FTC have jointly developed privacy standards, guidelines, and other guidance documents for the Federal Government.19 The DOJ has been a strong advocate for using data to improve information security.
In January 2016, the U.S. Attorney’s Office in Washington, D.C., announced the creation of the Cybersecurity Advisory Board.
The Cybersecurity Board is chaired by Deputy Assistant Attorney General Richard C. Kleiner and includes members of the Justice Department, the FBI, the Federal Communications Commission, and others.20