Committee plans to publicize geographic privacy policy

Members of the Federal Geographic Data Committee this month will begin a push to make federal computer users aware of a new policy designed to protect private information that may be stored in geographic information databases.

Nationwide, hundreds of agencies— from the Environmental Protection Agency to the U.S. Geological Survey to county tax offices— collect and maintain databases that contain information on land use and land conditions.

Agencies are increasingly sharing that information. But as agencies try to increase, enhance, dissect and share the data to manage land and resources more effectively, the potential for an individual's private information to seep into those databases increases.

Stephen Guptill, a scientific adviser for the National Mapping Division at USGS, said agencies are seeking to collect more data that will give them insights into such things as the relationship between vegetation and the spread of Lyme disease. But accurately divining that relationship would require federal researchers to collect data on individuals who have contracted Lyme disease, which is medical information that is considered private.

"It helps to know where the people who have those diseases are actually located," he said. "You tend to want to get down to an individual level."

Respecting Privacy

The FGDC— which is coordinating the development of a National Spatial Data Infrastructure that will allow all levels of government to share information in geographic databases— hopes the new policy will keep a lid on private information. The policy, which was adopted in late April, urges agencies to "acquire, disclose and use personal information only in ways that respect an individual's privacy."

Moreover, the policy advises agencies to limit the personal information acquired, disclosed and used in geographic information systems to only information that is "reasonably expected to support current or planned activities."

Kathy Covert, partnership coordinator for the FGDC, said the policy "is one of a suite of information policies that are crucial to the development of the National Spatial Data Infrastructure. People will not want to play and participate in electronic exchange of information...if their privacy is compromised."

But the FGDC policy is not as stringent as a law that already covers information in geographic databases, said Evan Hendricks, publisher of Privacy Times, a publication that reports on privacy issues.

"Those guidelines don't get them off the hook," he said. "The Privacy Act [of 1974] trumps these guidelines."

Hendricks said the Privacy Act requires agencies to keep information on an identifiable individual confidential and requires special procedures before exemptions to the act can be made for "routine use" of the information. Although he admitted that the exemption procedure can offer agencies a loophole, he said the act still is stronger than any guidelines an agency or committee might put together.

"The guidelines should be telling [agencies] to observe the Privacy Act and not abuse the 'routine use' exception," Hendricks said.

He said the FGDC should have cited the Privacy Act in its privacy policy, but the policy makes no mention of the act.