Sixty-nine percent of the records were used for law enforcement investigations, including immigration fraud, while 22 percent were used for counterterrorism, according to a report by the Government Accountability Office.
Linda Koontz, director of information management at GAO, said she found that agencies have taken steps to address privacy and security of information bought from resellers, but the standards were sometimes inconsistent.
Koontz said the GAO did not test the security protecting the data bought by the government from resellers, but past tests government-wide have found serious security weaknesses.
"In this post-September 11th world, however, it is no easy task to balance the competing goals of keeping our nation secure while at the same time protecting the privacy rights of our nation's citizens," said Cannon, who chaired a hearing before the House Judiciary Subcommittee on Commercial and Administrative Law.
"Unfortunately, we continue to receive reports from the GAO finding shortcomings in how federal agencies safeguard personal information and the private sectors' vulnerability is highlighted by the many high-profile database breaches in recent years."
Last year, ChoicePoint, which maintains tens of millions of records, had its security penetrated, resulting in the compromise of records relating to 145,000 people. A similar breach at Lexis/Nexis resulted in records on 300,000 people being accessed.
Privacy concerns also have been raised by the government's use of data bought from such data resellers.
"Modern technology and security concerns have greatly threatened the privacy of the personal information of every American," said Rep. Jerrold Nadler, D-N.Y. "The nexus between private information resellers and government action is especially troubling. How we handle these complicated issues will affect the lives of every American."
The privacy office at the Department of Homeland Security, which Cannon helped create, was praised as a model for other agencies.
Maureen Cooney, acting privacy officer at DHS, said one of the key aspects of the department's policy is conducting a privacy impact statement to determine what information will be gathered, how it will be protected, who will have access and how long it will be retained.
Peter Swire, a law professor at Ohio State University and a former privacy adviser to President Clinton, said the White House needs a privacy office to shape government-wide policies and make sure they are implemented throughout the government.
