GAO report requests update of 2002 E-Government Act to reflect Web 2.0 privacy needs

A new GAO report released today finds that the existing laws and regulations are not adequately reflecting privacy needs in the changing technology landscape. The report highlights specifically that agencies using Web 2.0 and data mining tools need to find ways to protect private information. The key findings are:

  • Applying privacy protections consistently to all federal collection and use of personal information. The Privacy Act’s protections only apply to personal information when it is considered part of a “system of records” as defined by the act. However, agencies routinely access such information in ways that may not fall under this definition.
  • Ensuring that use of personally identifiable information is limited to a stated purpose. Current law and guidance impose only modest requirements for describing the purposes for collecting personal information and how it will be used. This could allow for unnecessarily broad ranges of uses of the information.
  • Establishing effective mechanisms for informing the public about privacy protections. Agencies are required to provide notices in the Federal Register of information collected, categories of individuals about whom information is collected, and the intended use of the information, among other things. However, concerns have been raised whether this is an effective mechanism for informing the public.
Agencies using Web 2.0 and data mining tools are instructed to take the following steps:
  • assessing the privacy implications of a planned information system or data collection prior to implementation;
  • ensuring the implementation of a robust information security program; and
  • limiting the collection of personal information, the time it is retained, and who has access to it, as well as implementing encryption.

The report points out many important issues and I agree that it is immensely important that government agencies have information security and privacy protection systems in place that prevent data breaches and leakages of user information to third parties.

 

Nevertheless, the implications of the report’s requests for the use of Web 2.0 applications and especially innovative data mining tools are reaching beyond privacy protection issues and might have unintended consequences. Many of the social media directors I talked to in the past two years have reported an important challenge in their use of social media tools: Measuring and analyzing the impact of their social media interactions.

 

So far very few agencies actively measure and analyze their online interactions. This is mainly due to the previously existing cookie policy, resulting learned routines to not capture user data, and the existing survey restrictions that require agencies to go through a lengthy approval process before they can ask citizens for feedback.

 

While I am very much in favor of protecting personal information, such as health data, personal browser histories outside of government websites, I see a lot of value in developing appropriate measures and routines to capture digital interactions. Government needs to be able to understand online social interactions beyond the pure quantitative numbers of followers on Twitter or likes on Facebook – which are most of the time publicly observable. Instead, I believe agencies should have routines in place to understand how issues related to their mission are publicly discussed, or how information is snowballing through online social networks. Agencies need to be able to draw conclusions from data they are collecting to understand their online impact.

 

Again, the report has important implications for agencies for reviewing their privacy policies and implementation of these policies. However, I hope that it won’t restrict innovation in social media analytics, won’t prevent agencies from understanding how well they are doing online and to what extend their digital interactions are fulfilling the agency’s mission.

A list of existing rules and regulations relevant to use the use of Web 2.0 technologies in the U.S. federal government is available on HowTo.gov and on my blog.

Advertisements

About Ines Mergel

I am Full Professor of Public Administration at the Department of Politics and Public Administration at University of Konstanz, Germany. Previously, I served as Assistant and then Associate Professor (with tenure) at the Maxwell School of Citizenship and Public Affairs, Syracuse University, NY. In my research, I focus on informal social networks in the public sector and the adoption and diffusion of digital service innovations in government organizations. I teach classes on social media management, digital government, public management, and social network analysis.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s