Privacy & Information Security Law Blog

On November 15, 2013, the U.S. Government Accountability Office (“GAO”) released a report (the “Report”) finding that the current federal statutory privacy scheme contains “gaps” and “does not fully reflect” the Fair Information Practice Principles (“FIPPs”). The Report focused primarily on companies that gather and resell consumer personal information, and on the use of consumer personal information for marketing purposes.

The gaps identified in U.S. federal laws include failures to “fully address” new technologies, such as mobile devices and mechanisms for tracking consumer online behavior. Similarly, according to the Report, current federal laws contemplate neither the voluminous sharing of consumer personal information among third parties, nor the immense market for consumer personal information. In addition, the statutory framework does not fully reflect the FIPPs because consumers have only minimal control over how their information is collected, processed and disclosed to third parties for marketing purposes.

In addition to recommending updates to the federal statutory framework to account for new technologies and an expanded market for consumer personal information, the Report advises Congress to consider (1) consumers’ ability to access, correct and control their personal information; (2) whether additional restrictions are needed on the types of personal information that may be collected and shared; and (3) whether changes should be made to better control the sources and methods for consumer data collection.