This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.
The US federal government uses commercial data brokers  extensively for a wide variety of governmental activities. It is unquestioned that the government provides considerable revenue to commercial data brokers. How much? A reasonable and conservative estimate is that the number ranges in the billions of dollars. Over the course of the last 20 years, the extent of the relationship has become clear through a series of detailed investigations and scholarly research. For background purposes, we reference a leading study and discuss a newer use. This report does not seek to reinvestigate and re-document known uses.
Recommendations for the Office of Management and Budget:
OMB should establish privacy standards that are at least a good as those in and recommended for the Do Not Pay Initiative to cover all government purchases of commercial databases with personal information. OMB should consider accomplishing an expansion by establishing a task force that includes representatives of consumer and privacy groups.
OMB deserves much praise for this novel privacy initiative, but it has more work to do. The evaluation of the first private sector database in the Do Not Pay Initiative needs to be accomplished in the open with full participation by all interested parties. The OMB memo provides for that. We need to see how well that process works.
The best starting point for understanding the OMB Do Not Pay memo is with the legal framework behind the Do Not Pay Initiative. The Initiative derives from a combination of little-noticed executive orders and updates to existing laws.
In 2009, Executive Order 13520, Reducing Improper Payments,  directed agencies to identify “ways in which information sharing may improve eligibility verification and pre-payment scrutiny.” This was the start of the current Do Not Pay Initiative.