Decision Intelligence: Data Privacy

Government agencies have masses of personally identifiable information (PII), such as Social Security numbers, health records and financial details, at their disposal, and they need effective ways to gather, manage, store and secure it. But to what extent should organizations collect personal data, and for what purposes? And to whom does it belong?

Data privacy is about an individual’s right to have some control over how their personal information is collected and used. As the world becomes more technologically advanced and government relies on more automated systems, our personal information can go well beyond its original source — and we might have little idea what happened to it.

For instance, many agencies are using automated decision-making (ADM) systems. They can be
very helpful: Using artificial intelligence (AI), ADM systems assist or replace human efforts to make potentially life-altering decisions related to public benefits, policing, housing, health care, immigration, education, emergency response, child welfare and other concerns.

However, it’s often unclear how much data an ADM system uses and what it ultimately does with the information. Does it eventually sell your personal information to a partner, parent company or subsidiary?

Government Regulation

The federal government has some laws related to sector-specific data privacy. The U.S. Privacy Act establishes rights and restrictions regarding the data that government organizations hold. The Health Insurance Portability and Accountability Act, commonly known as HIPAA, protects health care and health insurance personal data. The Family Educational Rights and Privacy Act safeguards student records.

And the Gramm-Leach-Bliley Act protects personal, non-public financial information, while the Children’s Online Privacy Protection Act regulates the collection of personal details for children younger than 13. Congress has considered, but not enacted, broader privacy legislation.

At the state level, California enacted the first state privacy law in 2018 and, via ballot initiative, established a more comprehensive version in 2022. Four other states — Colorado, Connecticut, Utah and Virginia — enacted statutes that take effect in 2023. By and large, all five laws differ from federal requirements in one important way: They establish a person’s individual right to control their personal information — akin to the European Union’s expansive General Data Protection Regulation — while federal laws simply take a “harms-prevention-based” approach that tries to prevent or mitigate potential problems.

The American populace has little faith in public and private organizations’ ability to protect personal data, and people struggle to control their own information. According to a recent survey, 70% of U.S. respondents think it’s become harder to control who accesses their personal, online information. And only 26% of respondents think that current data privacy laws are good enough.

This article appears in our guide, “Decision Intelligence: New Possibilities for Data-Based Decision-Making.” For more about how agencies are using data in practical ways, download it here:

Photo by Pixabay at pexels.com

Leave a Comment

Leave a comment

Leave a Reply