San Diego — 15 November, 2013: The General Accounting Office (GAO) issued its long-awaited report on data brokers, INFORMATION RESELLERS: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace. The report discusses key World Privacy Forum testimony and research. “We are pleased with the GAO report,” said Pam Dixon, Executive Director of the World Privacy Forum. “In particular, we are glad the GAO highlighted our work calling for a stop to the selling of people’s sensitive medical and health information for marketing purposes. This is a practice that is causing great harm, the GAO made the right call in pointing out new controls are needed.” This press release includes links to the GAO report, to Dixon’s Congressional testimony, and to the WPF report discussed by the GAO.
We are delighted with CNN’s coverage of our new report on data brokers.
This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.
The US federal government uses commercial data brokers  extensively for a wide variety of governmental activities. It is unquestioned that the government provides considerable revenue to commercial data brokers. How much? A reasonable and conservative estimate is that the number ranges in the billions of dollars. Over the course of the last 20 years, the extent of the relationship has become clear through a series of detailed investigations and scholarly research. For background purposes, we reference a leading study and discuss a newer use. This report does not seek to reinvestigate and re-document known uses.
Recommendations for the Office of Management and Budget:
OMB should establish privacy standards that are at least a good as those in and recommended for the Do Not Pay Initiative to cover all government purchases of commercial databases with personal information. OMB should consider accomplishing an expansion by establishing a task force that includes representatives of consumer and privacy groups.