Are Government Agencies Keeping Your Data Safe?
No one wants something as valuable as their credit card numbers to fall into the wrong hands. That's why we limit private uses of this type of personal data. But what about government agencies that hold some of your most vulnerable, confidential information? We need to ensure that safeguards against unauthorized access to your data are in place, especially given the increasing amounts of personal information government agencies are able to collect. And those safeguards need to include measures that track government officials who access your data to ensure that their use of that data is legitimate.
Recent events in Minnesota show just how hard it can be to determine who accesses your data and how many times it has been accessed. This past year, a Minnesota county sheriff suspected his confidential driver's license records had been accessed illegitimately (something that may be a recurring problem for the state) and asked the Minnesota Department of Public Safety who had accessed those records. Despite the request coming from a high-profile state employee, the sheriff only got half of a response. He was informed that requests for his record came from 21 different agencies, including his own office—but the department, citing legal grounds, refused to tell him the names of the employees who made the requests, making it impossible for him to find out how the data had actually been used.
Safeguarding data held by the government grows even more important as technology allows the collection of vast amounts of sensitive information about individuals that are susceptible to misuse. Just as the Minnesota sheriff's driving records were left vulnerable by inadequate internal controls, unauthorized access to records in other areas of our lives could have serious consequences. And if data originally collected for government purposes ends up in the hands of private citizens (a very real possibility given companies are profiting from helping law enforcement), the potential for abuse increases.
We need auditing and accountability in place to ensure that our data is not only collected legitimately but also used legitimately. No one wants their data misused or abused, especially by a government agency in which we place our trust. Government agencies should ensure that the data collected is only available under specific circumstances, and that all access to data is logged. Adherence to these policies should be subject to independent, external audits. This will allow agencies to fulfill their duties while protecting citizens' privacy as well.