PointofLaw.com
 Subscribe Subscribe   Find us on Twitter Follow POL on Twitter  
   
 
   

 

 

Government Data Gaffes

| No Comments


On Tuesday--a day early, the Fed released the minutes of its March Open Market Committee meeting to recipients on the Hill and at financial institutions and trade associations. The Fed explained that the early release was accidental and released the minutes to everybody else on Wednesday morning--earlier than it otherwise would have. There is no reason to conclude that the Tuesday release was anything other than an innocent mistake. This incident nevertheless serves as a good reminder of the dangers of assuming that sensitive nonpublic information is safe in government hands.

Another reminder came last month, when the Securities and Exchange Commission's inspector general released a report about the SEC's information controls. The report found, among other things, that there is nothing preventing SEC employees, contractors, and interns "from saving and uploading sensitive or nonpublic information on non-SEC computers." The inspector general also found that the SEC did not have proper protocols for tracking information exchanged with the Financial Stability Oversight Council, the Office of Financial Research, and other agencies. When the SEC adopted Form PF (which the SEC uses to collect data for the FSOC) in 2011, it said that "our staff is working to design controls and systems for the use and handling of Form PF data in a manner that reflects the sensitivity of this data and is consistent with the confidentiality protections established in the Dodd-Frank Act." The inspector general's report suggests that there is still work to be done.

In addition to taking tougher measures to protect nonpublic, sensitive data, regulators should think carefully about how much information they need. When they decide to collect information, they should take into account the possibility of unintentional or intentional data leaks and the potential consequences of such leaks. Sometimes, the government's need for the information will be outweighed by the harm that would occur if the information were improperly disclosed. Regulators should not simply assume that mistakes will never happen.

Leave a comment

Once submitted, the comment will first be reviewed by our editors and is not guaranteed to be published. Point of Law editors reserve the right to edit, delete, move, or mark as spam any and all comments. They also have the right to block access to any one or group from commenting or from the entire blog. A comment which does not add to the conversation, runs of on an inappropriate tangent, or kills the conversation may be edited, moved, or deleted.

The views and opinions of those providing comments are those of the author of the comment alone, and even if allowed onto the site do not reflect the opinions of Point of Law bloggers or the Manhattan Institute for Policy Research or any employee thereof. Comments submitted to Point of Law are the sole responsibility of their authors, and the author will take full responsibility for the comment, including any asserted liability for defamation or any other cause of action, and neither the Manhattan Institute nor its insurance carriers will assume responsibility for the comment merely because the Institute has provided the forum for its posting.

Related Entries:

 

 


Isaac Gorodetski
Project Manager,
Center for Legal Policy at the
Manhattan Institute
igorodetski@manhattan-institute.org

Katherine Lazarski
Press Officer,
Manhattan Institute
klazarski@manhattan-institute.org

 

Published by the Manhattan Institute

The Manhattan Insitute's Center for Legal Policy.