• Does the information-based program operate with the least personal data consistent with its objective?

  • Does the program access, disseminate, and retain only necessary data?

  • Have data by which specific individuals can be commonly identified (e.g., name, address, telephone number, Social Security number, unique title, and so on) been removed, encrypted, or otherwise obscured whenever possible?

  • Are there reasonable guarantees that the personal data to be used by an information-based program are appropriate, sufficiently accurate for the stated purpose, and reliably available?

  • Are the sources of those personal data clearly identified?

  • Is access to the information-based program restricted to persons with a legitimate need and protected by appropriate access controls, taking into account the sensitivity of the data?

  • Is it lawful for the source to supply the data and for the agency to obtain the data?

  • Are the data and the manner in which they are obtained consistent with U.S. values?

  • Does their use deter the exercise of constitutionally protected rights?

  • If an information-based program uses personal data from other government agencies or from private industry, are the appropriate additional protections in place?

  1. Redress

    • Is there a process in place for identifying the frequency and effects of false positives and for dealing with them (e.g., reporting false positives to developers to improve the system, correcting incorrect information if possible, remedying the effects of false positives as quickly as practicable, and so on)?

    • Have the likely effects on individuals identified through the information-based program been defined clearly (e.g., they will be the subject of further investigation for which a warrant will be sought, they will be subject to additional scrutiny before being allowed to board an aircraft)?

    • Has the information-based program been demonstrated to yield a rate of false positives that is acceptable in view of the purpose of the search, the severity of the effect of being identified, and the likelihood of further investigation?

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement