SANS NewsBites - Vol: 8, Issue: 28 reports

According to a Government Accountability Office (GAO) report, the Departments of Justice, Homeland Security and State and the Social Security Administration spend a total of US$30 million to acquire data from information resellers for a variety of purposes. According to the study, "while major information resellers that do business with the federal agencies had some measures to protect privacy, they 'are not always fully consistent with the Fair Information Practices,'" which form the basis of the Privacy Act of 1974. The "resellers ... have limited ability to ensure the accuracy of the data they collect." In addition, the agencies apparently do not have consistent policies regarding the use of the data they purchased. According to the report, resellers do not believe they need to be completely compliant with the Privacy Act because they do not collect their data directly from individuals.