Both data mining—in which large amounts of data from different sources are aggregated, searched and analyzed—and radio-frequency identification technologies are raising privacy concerns, Linda Koontz, director of information management issues for GAO, said in testimony before the House Judiciary Subcommittee on Commercial and Administrative Law yesterday.
Furthermore, Privacy Impact Assessments performed on federal data-mining efforts are not meeting Office of Management and Budget guidance, Koontz said. Out of five federal data-mining efforts assessed, only three had conducted privacy impact assessments, and none had complied fully with OMB guidance, she said.
As for RFID, while common applications, such as inventory control, are acceptable, the potential use of RFID to track travel movements of people is likely to generate privacy concerns, Koontz said.
Using RFID, a person’s movements can be monitored in real time by tracking devices that someone carries. The same RFID can be used to assemble profiles of people, based on their movements and transactions over a period of time, to ascertain information about their habits, Koontz said.
A third concern over RFID is potential mission creep, in which a narrowly defined operation inadvertently expands to a much broader—and potentially invasive—mission.
GAO has previously reported that federal officials are uncertain about how to apply privacy protections to the collection and use of personal information obtained from commercial sources, including information resellers.
Autor/Author: Alice Lipowicz
Quelle/Source: Government Computer News, 18.05.2006
