As you all know, most jurisdictions allow individuals to ask for data collected by an organization (being it a company or a governmental organization). A lot of countries have Data Protection Commissioners that look into what companies and more often governments do with regards to PII (Personal Identifiable Information). After 9/11 the United States forced airlines to violate the local Privacy Legislation as the airlines had – if they wanted to fly to the US – deliver PII to the US (mainly information in the Passenger Name Record), which then had to be accepted by the Data Protection Commissioners as they would kill the airline business if the airlines would not be allowed to do so. So, the US seems to have the power to make companies violate the laws – the background is the fight against terrorism.

Now they even go a step further by circumventing their own legislation: According to Federal Computer Week (Analysis tool exempt from some privacy laws) the DHS developed a system to collect and analyze data collected by immigration and customs. Even worse, they seem to correlate data from different sources: DHS-internal sources as well as commercial databases. The key point is that they decided to exclude this system from several Privacy Acts. Therefore you will not be able to look into the data they collect and make sure it is accurate. If the article mentioned above is correct, it really scares me. Look at that:

The information contained by ICEPIC can include names, dates of birth, phone numbers, addresses, nationalities, fingerprints, photographs, a person's immigration history and alien registration information, according to DHS. Agents and analysts can also use commercial databases to verify or resolve any gaps in ICEPIC data.

So, they start to analyze and if some data points are inaccurate there is no way for you to know and most probably no way for you to make them correct it – scary, isn't it?

Roger