The report also found that federal agencies themselves lack policies on the use of reseller data and follow inconsistent practices with regard to data disclosure, purpose and accountability.
The GAO report is based on a study of fiscal year 2005 contracts for the acquisition of personal data from information resellers by the Departments of Justice, Homeland Security and State and the Social Security Administration.
Together, the agencies spent US$30 million purchasing data from private information brokers for a wide variety of purposes, including locating witnesses and fugitives, researching assets held by individuals of interest, detecting immigration fraud, border screenings and prescription drug fraud.
"Recent security breaches at large information resellers such as ChoicePoint Inc. and LexisNexis Group have raised questions about how resellers and their federal customers handle people's personal information," Linda Koontz, the director of information management issues at the GAO, said in testimony before a House Judiciary Subcommittee.
The study showed that while major information resellers that do business with the federal agencies had some measures to protect privacy, they "are not always fully consistent with the Fair Information Practices," on which the Privacy Act is based on, Koontz said.