Debate continues about whether lawmakers need to rewrite privacy rules to accommodate new technologies.
Some privacy rights advocates cheered the Senate Appropriations Committee for threatening hundreds of millions of dollars in State Department funding if the agency does not improve data protections for a passport record system. However, the debate continues about whether lawmakers need to rewrite privacy rules to accommodate new technologies.
Privacy advocates and some lawmakers were up in arms in March when news broke that that three contractors and a State employee snooped into the passport files of three presidential candidates, which violated the 1974 Privacy Act. That law defines what the government can and cannot do with an individual’s personal information.
The violations and an ensuing investigation led State’s inspector general to make 22 recommendations this month for how the agency’s Bureau of Consular Affairs should improve security to its passport information database.
Meanwhile, appropriations committee members approved a funding measure this month that threatened to withhold about $400 million from State in fiscal 2009 if the department does not implement all of the IG’s recommendations.
Marc Rotenberg, the executive director of the Electronic Privacy Information Center, said he thought the committee was sending a powerful message and that it was important to hold agencies accountable when breaches occur.
However, Rotenberg and other privacy experts say that the Privacy Act also needs to be updated.
Peter Swire, a law professor at The Ohio State University who served as a top privacy officer in the Clinton administration, said clarifications are needed as to how the privacy law defines an agency. He said clarifications are also needed regarding “routine use” exceptions, which allow individuals’ information to be shared if the reason is compatible with the purpose for which it was originally collected.
Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union, said significant changes are needed to the 1974 law.
“The Privacy Act is a total anachronism,” he said. “It’s almost 35 years old — it needs to be rewritten for the 21st century.”