Schneier points out that the Electronic Privacy Information Center (EPIC) has a some good information on the security of tax data in the IRS. I'm having flashbacks to various credit reporting agencies, personal information database companies, and other companies that manage LARGE volumes of personal data (most of which we never know is being gathered.)

When will someone start the "opt in" movement that will require any company gathering information about individuals to obtain their permission to do so? When I was teaching an information security program to companies in Europe they reminded me of their strict information gathering and storage laws. Did you know that in many European countries you cannot store video surveillance tape data for more than 1-2 weeks?!

Update: In other news, IRS Proposes Changes That Would Allow Accountants To Sell Tax Return Information (full story here)

Advertisements