Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | Recommendations
Recommendations for the Office of Management and Budget:
- OMB should establish privacy standards that are at least as good as those in and recommended for the Do Not Pay Initiative to cover all government purchases of commercial databases with personal information. OMB should consider accomplishing an expansion by establishing a task force that includes representatives of consumer and privacy groups.
- In the near future, OMB should expand the privacy standards for the Do Not Pay Initiative to require that commercial databases comply fully with all Fair Information Practices, including collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, access and correction rights, and accountability.  It is especially important that data subjects have meaningful, timely, and effective access and correction rights to any commercial databases used by federal agencies. OMB should take steps to expand the privacy standards at the earliest possible opportunity following a reasonable test of the new Do Not Pay procedures.
- Because The Work Number will be the first test of a pilot project under the Do Not Pay Initiative, OMB should ensure that it provides for ample and prominent notice and public comment opportunity if it proposes permanent adoption of The Work Number. This is essential so that there will be a fair test of the effectiveness of public oversight of the new private sector database standards. Public notice should include extensive documentation about the accuracy, timeliness, relevance, and completeness of The Work Number. An independent audit of The Work Number’s compliance with data standards would be especially useful. In addition, all of the data fields maintained by The Work Number must be published to allow an evaluation of whether any of the data reflects on the exercise of First Amendment rights.
- According to the OMB FAQ on the Initiative, Treasury is considering inclusion of state-level data.  Before expanding the Initiative to state data, OMB should apply to state databases the same privacy standards and procedures that the Do Not Pay memo applies to commercial databases.
Recommendations for the States:
The states also use commercial data sources and have market power. Each state should follow the example policies established by OMB and require that any commercial databases containing personal information used for state activities meet privacy standards consistent with Fair Information Practices. Standards for state purchases might be established using executive rather than legislative authority. Governors or State Attorneys General might consider establishing uniform standards here so that all states impose the same standards.
Recommendations for Congress:
Congress should request that the Government Accountability Office review the implementation of the OMB Do Not Pay Initiative to make sure that the privacy standards are fairly implemented.
If Congress is unwilling to legislate broadly applicable privacy standards consistent with Fair Information Practices for commercial databases containing personal information, Congress should nevertheless encourage, authorize, or direct OMB to establish standards for all government purchases of commercial databases containing personal information.
Recommendation for the Federal Trade Commission:
The Federal Trade Commission has long had the ability to determine that the failure of a commercial database containing personal information to meet Fair Information Practices is an unfair trade practice. The Commission has not yet taken any meaningful step in that direction. Nevertheless, any partial action by the FTC toward the goal of broader implementation of Fair Information Practices would still be welcome.
Recommendation for the public, including consumer and privacy groups:
The public, as well as consumer and privacy groups, should closely monitor the Do Not Pay Initiative and should actively participate in any opportunity for public comment about the use of commercial databases.
 For a history of Fair Information Practices, see Robert Gellman, Fair Information Practices: A Basic History, at http://bobgellman.com/rg-docs/rg-FIPshistory.pdf.
 Treasury Department, April 2012 Webinar Questions at 2 (Is there a possibility for Do Not Pay to obtain state data?), http://donotpay.treas.gov/DoNotPayWebinarQuestionsApril2012.pdf.