A Transparent TARP?

Recently, CDT was asked to testify about the ways that technology can be used to improve financial oversight during a 2009 congressional session that saw “bank bailouts,” “housing markets” and “economic stability” become commonly used buzzwords. While TARP and mortgages aren’t our usual area of expertise, we have a lot to say on how Congress can ensure that the databases supporting these endeavors can help the government be more transparent and protect privacy at the same time.

The Troubled Asset Relief Program – or TARP – has been in the news a lot lately, as the program designed to strengthen the financial sector comes under scrutiny from the media and the public to figure out whether or not the program is actually working. Unfortunately, there hasn’t been an effective way to track TARP funding, in part because so many agencies are involved in distributing the money. One of the bills we discussed, H.R. 1242 (and companion bill S. 910), would create a centralized database for TARP information. It’s surprising that a program of this size doesn’t already have a way to consolidate the information around it’s expenditures, but not even the oversight committee has an easy time tracking the dollars. TARP funds are distributed by 25 agencies, using incompatible and outdated systems to track spending. The H.R. 1242 database would not only centralize this information for easy access, but would require almost real-time updates to the information.

We believe that the database needs to be made public in order to allow the media, watchdogs, and citizens to see how TARP money is being spent. A good example to follow is the Recovery.gov website, which pulls together information from the 28 agencies distributing Recovery Act funds. The site allows users to sift through stimulus contracts in useful ways and, though not perfect, it is an incredibly important step in keeping the public in-the-know. The lack of a similar site for TARP has made it difficult for the public to understand the program – so it’s a perfect opportunity to make a government database public.

Another bill we talked about in our testimony, H.R. 932 looks to improve technology for oversight on housing issues by linking location information to mortgage information, making it easier to track foreclosures, abusive lending practices, and vacancies. Currently, land parcel information is kept by counties, but centralizing them would allow regional analyses of the housing crisis and regional responses. Of course, if regional geo-databases are created, they may not fall under the privacy protections imposed on the federal government. In that case, it will be vital to ensure that the databases are subject to privacy and security protections. The financial information that can be correlated to land parcels is both personally identifiable and sensitive, as financial information is defined as sensitive by almost all definitions.

So, if we are worried about the privacy implications of geospatial databases, why aren’t we worried about the privacy implications of making TARP information – including possibly information about the top executives at each institution – public? It’s because there are already protections on information that is held by the government, and because all the information that goes into the H.R. 1242 database is already gathered and maintained by the government. The Privacy Act, the Freedom of Information Act, and the E-Government Act form a strong framework of privacy protections for information that is held by the government.

The main law governing how government protects and uses the personal information it holds is the Privacy Act of 1974. This law prohibits the disclosure of records to other agencies or third parties without the consent of the individual to whom the record pertains. The Freedom of Information Act (FOIA), passed in 1966, also includes some important privacy provisions to protect information about individuals that is held by the government. In particular, agencies are not to release personal data under FOIA.

CDT has raised concerns about the current status of Privacy Act coverage in other contexts, including the location data and images in government housing databases from the same hearing. In these cases, information is held in a relational or distributed database and key hooks in the Privacy Act may not be met. However, personal information about corporate employees under the TARP would most certainly be protected under the law.

The more recent E-Government Act of 2002, instituted provisions to protect privacy as new, digital information collections are created for use in government. Most notably under the Act, Federal agencies are required to perform privacy impact assessments (PIAs) on all new collections of 10 or more persons. These PIAs are intended to be public documents that clarify the ways that federal agencies collect, manage and use personal information. In the case of the TARP database, a PIA would be required and would be publicly available. Even if the other protections fail, we would be aware of what would be posted before it happened and privacy advocates would work with Congress and others to ensure that all personal identifiers are removed before posting data about TARP online.

The nexus between government transparency and protecting citizen privacy can be a tricky issue. However, here it seems that there are some common sense ways to make sure the public stays informed about TARP, and some important protections that should be put in place to protect databases of information about the housing crisis. CDT looks forward to continuing to be involved in discussions like these as Congress continues to examine new ways to use technologies and data to be more transparent and efficient.