Information Technology: Government-Wide Guidance on Handling Data Could Improve Civil Rights and Civil Liberties Protections
Fast Facts
Emerging technologies—like facial recognition or AI—have rapidly increased the amount of personally identifiable information federal agencies collect, share, and use.
This Q&A report examines how agencies protect the public’s civil rights and civil liberties while using personal data. Some agencies have policies and procedures to guide them in these efforts. But the specifics are different across agencies because there’s no government-wide laws or guidance.
We suggested that Congress direct an agency to issue government-wide guidance or regulations that consider civil rights and civil liberties protections when using personal data.
Highlights
What GAO Found
Emerging technologies and data capabilities have led to rapid increases in the amount of personally identifiable information (PII) collected, shared, and used. Given the threat posed by these technologies, many federal agencies have taken actions to protect civil rights and civil liberties:
- All 24 Chief Financial Officers Act of 1990 agencies designated an accountable official to oversee protection of civil rights, while seven of 24 designated an official for civil liberties.
- Sixteen of the 24 agencies reported addressing civil rights and civil liberties protections either in separate policy and procedures or in privacy compliance activities. The remaining eight agencies reported not considering civil rights and civil liberties protections in their policies or compliance activities.
The results of GAO’s questionnaire sent to the 24 agencies show that the two most frequently mentioned challenges with protecting the public’s civil rights and civil liberties were (1) 12 agencies citing complexities in handling protections associated with new and emerging technologies, and (2) 11 agencies reporting a lack of qualified staff possessing needed skills in civil rights, civil liberties, and emerging technologies. Further, eight of the 24 agencies believed that additional government-wide law or guidance would strengthen consistency in addressing civil rights and civil liberties protections. One agency noted that such guidance could eliminate the hodge-podge approach to the governance of data and technology.
Existing federal laws and guidance do not provide a comprehensive government-wide and technology agnostic approach to protecting the public’s civil rights and civil liberties while using sensitive data. Agencies pointed out that emerging technologies pose new questions and concerns with protecting civil rights and civil liberties. Therefore, it is important for Congress to direct an appropriate federal entity to issue government-wide guidance or regulations that address a broad approach to considering civil rights and civil liberties protections. Until such guidance or regulations are issued, there is an increased risk of agencies’ collection, sharing, and use of data potentially violating the public’s civil rights and civil liberties.
Why GAO Did This Study
GAO was asked to examine federal agencies’ civil rights and civil liberties protections related to data collection, sharing, and use. This report examines laws and guidance pertaining to civil rights and civil liberties, efforts the 24 Chief Financial Officers Act of 1990 agencies are taking to protect the public’s civil rights and civil liberties when collecting sharing, and using data, and the challenges with protecting civil rights and civil liberties while using personal information.
link