System keeps data ‘indefinitely’
Published 9:30 am Monday, June 15, 2015
WASHINGTON — A government data warehouse stores personal information forever on millions of people who seek coverage under President Barack Obama’s health care law, including those who open an account on HealthCare.gov but don’t sign up for coverage.
At a time when major breaches have become distressingly common, the vast scope of the information — and the lack of a clear plan for destroying old records — have raised concerns about privacy and the government’s judgment on technology.
“A basic privacy principle is that you don’t retain data any longer than you have to,” said Lee Tien, a senior staff attorney with the Electronic Frontier Foundation. “The more data you keep, the more harm an attacker or unauthorized person can do.”
Email newsletter signup
Electronic record-keeping systems are standard for businesses and government agencies. But they are supposed to have limits on how long data is kept.
The health care system, known as MIDAS, is described on a federal website as the “perpetual central repository” for information that the Affordable Care Act authorizes federal agencies to collect.