Protecting personal privacy has become a more significant issue in recent years with the advent of new technologies and the proliferation of personal information. The federal government collects and uses personal information on individuals in increasingly sophisticated ways for things like law enforcement, border control, and enhanced online interactions with citizens. In the private sector, commercial entities collect, share, and sell vast amounts of personal information for marketing and other purposes. During the Coronavirus pandemic, some companies used the technology to monitor the spread of COVID-19—such as to identify individuals that came in contact with people displaying symptoms.
Policymakers face some key challenges to protecting personal privacy in this environment.
For instance:
The collection or use of personal information by the federal government is governed primarily by two laws: the Privacy Act of 1974 and the privacy provisions of the E-Government Act of 2002. But there is no overarching federal privacy law that governs the collection and sale of personal information among private-sector companies. There is also no federal statute that gives consumers the right to learn what information is held about them for marketing purposes and who holds it. Congress could consider strengthening the consumer privacy framework.
Companies increasingly use numeric scores to predict how consumers will behave. These scores are based on hundreds of pieces of information about a person's purchases and personal characteristics. Scores are used, for example, to target ads or provide individualized pricing. Unlike traditional credit scores, these scores may not be subject to consumer protection laws that seek to ensure fair and transparent treatment. Congress could play an important role in establishing appropriate consumer protections related to numeric scores, which includes considering the rights of consumers to view and correct the data used to create the scores.
The privacy notices that banks and credit unions provide to consumers do not give a complete picture of the information institutions collect on consumers and potentially share with retailers, marketers, government agencies, and others. The Consumer Financial Protection Bureau could update this privacy notice form to ensure that consumers are better informed about all the ways banks and credit unions collect and share personal consumer information.
Thousands of K-12 students had their personal information (including grades, bullying reports, and Social Security numbers) compromised in data breaches between 2016 and 2020. This raises concerns about the security of student data.
Many federal IT systemsneedstronger privacy practices and safeguards to protect the personally identifiable information they hold.
Tax returns are filled with sensitive personal and financial data—which the Internal Revenue Service (IRS) is expected to protect. However, recent disclosures of sensitive taxpayer data have made headlines and raised concerns about IRS's ability to safeguard taxpayer information.
Threats to anonymity and other privacy risks of emerging technologiesused for law enforcement or commercial purposes (such as geolocation and biometric applications) need to be addressed. For example, the Department of Homeland Security has been working to replace its outdated biometric identity management system that matches fingerprints and facial features. DHS expects the new system to store hundreds of millions of identities. But DHS needs to do much more to protect the privacy of individuals whose information is in this new system.
Additionally, many federal agencies that employ law enforcement officers use facial recognition technology. However, they don’t all track employee use of non-federal systems and assess the risks these systems can pose regarding privacy, accuracy, and more.