<b>Online Exclusive:</b> GAO Report Finds Gaps, Loopholes in Federal Data Collection Laws

A new report by the Government Accountability Office ('GAO') finds that Congress can significantly strengthen federal privacy laws by requiring data collection and reseller firms to improve their privacy safeguards and by enhancing the authority of the Federal Trade Commission ('FTC') to issue civil penalties for violations of current federal privacy laws.

The report, 'Information Security: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Data,' can be read at www.gao.gov/new.items/d06674.pdf.

GAO found widespread uses for individuals' information that is collected by companies such as LexisNexis and Experien. Banks, insurers, credit card companies, and other financial institutions use the information to check creditworthiness by credit seekers, to ensure their own compliance with the PATRIOT Act's money-laundering and citizenship provisions, and to develop targeted marketing programs.

However, the two primary federal laws that affect financial institutions ' the Gramm-Leach-Bliley Act ('GLBA') and the Federal Credit Reporting Act ('FCRA') ' do not cover all institutions, nor all types of privacy situations. GAO called the laws' applicability 'limited.'

Thus, GAO suggests that Congress step in and give the FTC, which has primary enforcement authority, greater powers. It also suggests that the insurance industry receive extra attention from state regulators, because the gaps under GLBA are more significant.

A new report by the Government Accountability Office ('GAO') finds that Congress can significantly strengthen federal privacy laws by requiring data collection and reseller firms to improve their privacy safeguards and by enhancing the authority of the Federal Trade Commission ('FTC') to issue civil penalties for violations of current federal privacy laws.

The report, 'Information Security: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Data,' can be read at www.gao.gov/new.items/d06674.pdf.

GAO found widespread uses for individuals' information that is collected by companies such as LexisNexis and Experien. Banks, insurers, credit card companies, and other financial institutions use the information to check creditworthiness by credit seekers, to ensure their own compliance with the PATRIOT Act's money-laundering and citizenship provisions, and to develop targeted marketing programs.

However, the two primary federal laws that affect financial institutions ' the Gramm-Leach-Bliley Act ('GLBA') and the Federal Credit Reporting Act ('FCRA') ' do not cover all institutions, nor all types of privacy situations. GAO called the laws' applicability 'limited.'

Thus, GAO suggests that Congress step in and give the FTC, which has primary enforcement authority, greater powers. It also suggests that the insurance industry receive extra attention from state regulators, because the gaps under GLBA are more significant.