Personal data on federal forms may travel further than expected

Thursday, October 31, 2002

WASHINGTON -- Student aid applicants, check the fine print. That information you put on your application to the U.S. Department of Education is being shared with the Pentagon, Justice Department and other agencies -- even private companies like debt collectors.

A report released Wednesday by congressional investigators found government agencies frequently share information from various federal applications -- sometimes without the applicant's knowledge of where it might go. And it's legal.

"People are generally unaware of all of the sharing," said Ari Schwartz of the Center for Democracy and Technology, a civil liberties organization based in Washington.

The information sharing ranges from passport application data -- which can be shared with foreign governments -- to details on farm loan applications. The law requires that agencies that receive the applicant's form must disclose how they use the information.

Told in detail

Education Department spokeswoman Stephanie Babyak said applicants are told in detail on the paper and electronic forms of their applications that information will be shared. They list some, but not all federal agencies that will receive information, and they don't always specify what outside companies might also see it.

She said such sharing of information is needed to process the application.

The General Accounting Office -- Congress' investigative arm -- checked four often-used government forms to see how the agencies collected and shared information both inside and outside of government. The report listed all the ways agencies share personal data, some of which are not explicitly listed on the form itself.

Much of the sharing is due to "computer matching agreements," a way to automate routine checks.

If an applicant is delinquent on a federal loan, application information goes to a private collection bureau. The Education Department also sends the student's personal financial information to state agencies to coordinate student aid.

Federal information-sharing agreements and the convenience of sharing computer data make swapping Americans' most sensitive personal information easy to do.

Investigators found the agencies largely complied with federal information sharing and privacy regulations.

"These four agencies' handling of personal information varied greatly -- including the types and amount collected -- and a wide range of personnel had access to the information," investigators wrote. "We did, however, note isolated instances of forms that were not accurate or current, and other forms that did not contain the proper privacy notices."

The four forms were the Education Department's student aid request, Agriculture's standard loan form for farmers, Labor's federal worker's compensation form and a passport application from the State Department.

The sharing is allowed under an exception in the Privacy Act, which protects a person's information from sharing without prior consent. Called the "routine use exception," agencies must make a public statement in the Federal Register every time they want to share data in a new way.

But Schwartz said the disclosure doesn't make it much easier for applicants to figure out.

"There's one every day, they're very difficult to read, and they're listed vaguely," Schwartz said. "It's the easiest place to claim an exemption."

Legislation proposed by Sen. Joseph Lieberman, D-Conn., who requested the GAO report, would require more detailed privacy impact statements on such databases. The Senate has passed the bill and the House is expected to take it up after the election recess.

Even though the agencies must tell applicants how their information will be used, they are usually left with a Hobson's choice: Either provide the information and watch it shared throughout the government and elsewhere, or don't apply and forego the student aid, passport or other service.

The GAO also found that many federal employees at the individual agencies can see that information. Up to 13 different types of State Department workers -- from civil service clerks and foreign workers at U.S. embassies to employees at Mellon Bank, which handles some passport renewals -- have access to passport application data.

Schwartz said privacy concerns are likely to increase as the government relies more on digital forms.

"We need to make sure that the Privacy Act is kept up to date and still relevant," he said.


On the Net:

General Accounting Office:

Center for Democracy and Technology:

Sen. Joseph Lieberman:

Respond to this story

Posting a comment requires free registration: