Stuart Brotman via Government Executive
Privacy and cybersecurity are a two-sided coin. When a government agency asks individuals to provide personally identifiable information, many may be comfortable doing so. But if those individuals learn that information may be shared with third parties, such as government contractors, who may use it in wholly unintended ways, they likely would feel far less comfortable sharing that information. And if the third-party data storage system is hacked, the breach can raise serious cybersecurity concerns, both for the integrity of the system and the privacy of the individuals whose information has been obtained by bad actors.
This chain reaction begins at the government level—whether federal, state, or local. Government agencies have the highest obligation to provide transparency to the public regarding the personally identifiable information, or PII, they provide to contractors, for what purpose, and with what level of confidence that the contractor has a robust cybersecurity system in place to prevent unauthorized internal and external access. Yet today, once people submit data to complete a government application, there is little if any notice regarding how an agency will provide that information to others. There may be valid reasons for such third-party access, but at a minimum, agencies should be legally obligated to disclose this at the time such information is requested.
Read more at www.govexec.com