State Dept. Privacy Invasions No Surprise

Revelations today that contractors at the State Department read Barack Obama's passport history with no authorization in possible violation of the Privacy Act come as no great shock to the privacy community.

In fact, the only reason that this serious breach was caught was because of the high visibility of the victim. Contractors who decide to look up old girlfriends, or worse, regularly use the information for stalking may never be caught, as we have seen in other agencies that do a slightly better job of privacy control.

My organization has expressed concern about the State Department's privacy program frequently over the past two years. They simply do not have the resources to do an effective job. It seems that the goal is to meet the obviously low standard of "satisfactory" in the annual FISMA report.

If State is "satisfactory" today, think how bad things must be at the Defense Department, the only department to receive a "failing" rating on their privacy impact assessment implementation according to the inspectors general.