If It’s Against Your Privacy Policy, Just Change It

Daniel Solove
Founder of TeachPrivacy

Social Security Administration

According to an article in the NY Times, documents obtained by the Electronic Privacy Information Center from the Social Security Administration (SSA) reveal that the SSA disclosed personal information in response to FBI requests after 9-11:

The Social Security Administration has relaxed its privacy restrictions and searched thousands of its files at the request of the F.B.I. as part of terrorism investigations since the Sept. 11, 2001, attacks, newly disclosed records and interviews show.

The privacy policy typically bans the sharing of such confidential information, which includes home addresses, medical information and other personal data. But senior officials at the Social Security agency agreed to an “ad hoc” policy that authorized the release of information to the bureau for investigations related to Sept. 11 because officials saw a “life-threatening” emergency, internal memorandums say.

The Internal Revenue Service also worked with the bureau and the Social Security agency to provide income and taxpayer information in terror inquiries, law enforcement officials said. Officials said the I.R.S. information was limited because legal restrictions prevented the sharing of taxpayer information except by court order or in cases of “imminent danger” or other exemptions. The tax agency refused to comment.

The Social Security memorandums were obtained through a Freedom of Information Act request by the Electronic Privacy Information Center, a civil liberties group here. Copies were provided to The New York Times. . . .

The director of the Open Government Project at the Electronic Privacy Information Center, Marcia Hofmann, acknowledged the need for investigators to have access to vital information.

“But an ad hoc policy like this is so broad that it allows law enforcement to obtain really sensitive information by merely claiming that the information is relevant to the 9/11 investigation,” Ms. Hofmann said. “There appears to be very little oversight.”

Wouldn’t it be nice if the government just came clean with what it did after 9-11?  Then we could discuss and evaluate it without having to wait for little bits and pieces of the story to trickle out.  Getting information about the government’s activities is too often like pulling teeth.  This feeds distrust about the government’s law enforcement activities as well as makes people unsure that they are ever being given the complete story about what the government is doing with their personal data.  And what good is a privacy policy if it is conveniently rewritten the minute an agency wants to do something different?  I am not opining on whether or not the records ultimately should have been shared with the FBI, but the way it was done – secretly, without judicial supervision, and then kept quiet until now — strikes me as very problematic.

Originally posted at PrawfsBlawg

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01