┌──────────────────────────────────────────────────────────────┐
  RECORD TYPE ......... ANNOTATION — SOURCED RECORD
  REGISTRY NO. ........ MARG-0581
  SLUG ................ /gao-civil-rights-impact-assessment-data-brokers
  STATUS .............. ACTIVE
  FILED ............... 2026-06-21 23:10 UTC
  LAST ANNOTATED ...... 2026-06-21 23:10 UTC
  CLAIMS ON FILE ...... 6
  MEAN TAG CONFIDENCE . 0.85
└──────────────────────────────────────────────────────────────┘
PENDING

GAO Methodology for Civil Rights Impact Assessment in Data Broker Audits

This dossier investigates the methodology used by the U.S. Government Accountability Office (GAO) for assessing 'civil rights impact' in its audits, particularly as it would apply to federal agencies' purchases of data from data brokers. Federal agencies collect and use data from information resellers, a practice that has been acknowledged by the GAO as requiring better protections (GAO-08-543T, 2008). Data broker practices, such as data-driven profiling, can result in human rights infringements and raise concerns about regulatory safeguards and oversight mechanisms. While new Civil Rights Audit Standards have been developed by an independent committee for U.S. businesses (2024), it is unclear if or how these specifically apply to GAO's auditing processes for government data acquisition. The Department of Homeland Security (DHS) has established its own civil rights and civil liberties impact assessment tool for reviewing departmental programs.

The GAO, as an independent government watchdog, would likely apply a rigorous, fact-based methodology for assessing civil rights impacts in its audits of government data broker purchases. This methodology would involve reviewing existing agency policies, identifying potential risks to protected groups, and evaluating the effectiveness of safeguards, similar to DHS's use of a civil rights and civil liberties impact assessment tool. The GAO's established protocols for thorough research and vetting would ensure any findings are credible and actionable, potentially drawing upon emerging standards for civil rights audits.

It is not clear that the GAO has a specific, publicly detailed methodology for assessing 'civil rights impact' directly applicable to data broker purchases, distinct from its general audit standards. While the GAO has noted the need for better protections regarding government use of data from information resellers, this does not explicitly outline a civil rights-focused audit framework. The new Civil Rights Audit Standards are designed for U.S. businesses, not necessarily for federal auditing bodies, and the extent to which data broker practices are currently subject to sufficient regulatory safeguards and oversight when agencies purchase data remains a concern.

  1. SINGLE-SOURCECONF 0.60

    The GAO reports facts that are thoroughly researched and vetted, supported by extensive protocols and procedures to ensure its independence.

    — attributed to: A Reddit user claiming knowledge of GAO operations

    • https://www.reddit.com/r/OutOfTheLoop/comments/1gqftbu/whats_going_on_with_the_department_of_government/
  2. VERIFIEDCONF 1.00

    Federal agencies collect and use data from information resellers, and this practice could benefit from better protections.

    — attributed to: U.S. Government Accountability Office (GAO)

    • https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-08-543T/html/GAOREPORTS-GAO-08-543T.htm
  3. CORROBORATEDCONF 0.90

    Data brokers' practices can result in human rights infringements.

    — attributed to: Policy Review, Open Society Foundations

    • https://policyreview.info/articles/analysis/untamed-and-discreet-role-data-brokers-surveillance-capitalism-transnational-and
    • https://www.opensocietyfoundations.org/uploads/42d529c7-a351-412e-a065-53770cf1d35e/data-brokers-in-an-open-society-20161121.pdf
  4. SINGLE-SOURCECONF 0.70

    Data access and analysis by intelligence agencies are likely to occur without standard regulatory safeguards and oversight mechanisms.

    — attributed to: Interface-EU publication

    • https://www.interface-eu.org/publications/governance_of_data_purchases_by_european_intelligence_agencies
  5. VERIFIEDCONF 1.00

    The Department of Homeland Security (DHS) uses a civil rights and civil liberties impact assessment tool to review departmental programs, policies, or activities and determine their risk of impact on individuals or groups.

    — attributed to: U.S. Government Accountability Office (GAO)

    • https://www.gao.gov/assets/gao-25-106057.pdf
  6. CORROBORATEDCONF 0.90

    New Civil Rights Audit Standards have been developed by an independent committee for U.S. businesses to assess bias and discrimination risks.

    — attributed to: Forbes, PRNewswire

    • https://www.forbes.com/sites/oludolapomakinde/2024/07/25/new-civil-rights-audit-standard-sets-corporate-accountability-benchmark/
    • https://www.prnewswire.com/news-releases/first-ever-civil-rights-audit-standards-for-us-businesses-set-new-benchmark-for-examining-bias-and-discrimination-risks-302205686.html
  • 2008-03-11GAO report GAO-08-543T, 'Privacy: Government Use of Data from Information Resellers Could Include Better Protections,' is issued. [src]
  • 2022-08-04Policy Review article highlights how data broker practices can lead to human rights infringements. [src]
  • 2024-07-25Forbes reports on new Civil Rights Audit Standards setting a benchmark for corporate accountability. [src]
  • 2024-07-25PRNewswire announces the first-ever Civil Rights Audit Standards for U.S. businesses. [src]
  • ORG Government Accountability Office (GAO)Federal auditing agency
  • ORG Department of Homeland Security (DHS)Federal agency with civil rights assessment tools
  • ORG Civil Rights Audit Standards CommitteeDeveloper of new audit standards for businesses
  • ORG Data brokersEntities that collect and sell personal data
  • What specific methodologies or frameworks does the GAO currently employ for assessing civil rights impacts in its audits of federal agencies' data procurement?
  • Are the new Civil Rights Audit Standards (2024) being considered or adapted by the GAO for its audits of government agencies?
  • Has the GAO issued any reports since 2008 (GAO-08-543T) specifically addressing civil rights or civil liberties concerns related to federal agencies' data broker purchases?
  • Do any federal agencies, beyond DHS, have publicly documented civil rights or civil liberties impact assessment tools for their data procurement activities?
  • How does the GAO's IT auditing team specifically address potential civil rights impacts in audits involving technology and data systems?
  1. [WEB] https://www.gao.gov/assets/gao-25-106057.pdf [archived]
    For example, DHS established a civil rights and civil liberties impact assessment tool used by its civil rights and civil liberties policy analysts to review various departmental programs, policies, or activities and determine the risk of impact on a particular group or individua
  2. [WEB] https://www.interface-eu.org/publications/governance_of_data_purchases_by_european_intelligence_agencies [archived]
    6 days ago · As a result, data access and analysis are likely to occur without the regulatory safeguards and oversight mechanisms that are standard for ...
  3. [WEB] https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-08-543T/html/GAOREPORTS-GAO-08-543T.htm [archived]
    Privacy: Government Use of Data from Information Resellers Could Include Better Protections (11-MAR-08, GAO-08-543T). Federal agencies collect and use ...
  4. [WEB] https://www.policylink.org/sites/plorg/files/2025-08/PolicyLink-CivilRightsAuditStandards_7-24-24vFinal.pdf [archived]
    Where aspects of the civil rights audit are withheld from a public report to preserve the attorney-client privilege, the company should work with the auditor to provide sufficient non-privileged information to allow stakeholders to assess whether the civil rights audit met its st
  5. [WEB] https://www.forbes.com/sites/oludolapomakinde/2024/07/25/new-civil-rights-audit-standard-sets-corporate-accountability-benchmark/ [archived]
    In this evolving landscape, the new Civil Rights Audit Standards stand out as a beacon of hope and a robust framework for eradicating discrimination and ensuring equal opportunity for all people.
  6. [WEB] https://policyreview.info/articles/analysis/untamed-and-discreet-role-data-brokers-surveillance-capitalism-transnational-and [archived]
    4 Aug 2022 · Indeed, data brokers practices, such as data-driven practices, can result in human rights infringements. They can inflict various types of ...
  7. [WEB] https://www.prnewswire.com/news-releases/first-ever-civil-rights-audit-standards-for-us-businesses-set-new-benchmark-for-examining-bias-and-discrimination-risks-302205686.html [archived]
    The Standards were developed by an independent Civil Rights Audit Standards Committee, including civil rights experts, investors, worker advocates, and business executives.
  8. [WEB] https://www.opensocietyfoundations.org/uploads/42d529c7-a351-412e-a065-53770cf1d35e/data-brokers-in-an-open-society-20161121.pdf [archived]
    21 Nov 2016 · Dossiers about particular, identifiable people, commonly used for credit, insurance, employment, or similar types of personalized assessment.
  9. [REDDIT] https://www.reddit.com/r/ThriftSavingsPlan/comments/1ei8504/gao_investigation_report_of_the_frtib_and_tsp_is/ [archived]
    2 Aug 2024 · The US Government Accountability Office (GAO) has issued a report on its investigation of the TSP. The investigation was initiated at the request of some ...
  10. [REDDIT] https://www.reddit.com/r/IAmA/comments/eq0w5o/i_am_a_former_auditor_with_the_us_government/ [archived]
    GAO does have an IT auditing team, and I "matrixed" (aka worked with) some of them on a couple of my jobs. Typically they would be involved anytime technology was going to be an aspect of the audit, but they also did/do their own audits, as well.
  11. [REDDIT] https://www.reddit.com/r/changemyview/comments/1jnaa3z/cmv_the_government_should_not_be_run_like_a/
    30 Mar 2025 · The government definitely has performance metrics. It even has agencies like the GAO who evaluate and audit the government. I think every ...
  12. [REDDIT] https://www.reddit.com/r/privacy/comments/1bfrdx6/how_are_data_brokers_legal_if_anybody_could_buy/ [archived]
    I was wondering how countries made being a data broker legal? They could sell your data to ANYONE regardless of what they are going to use it for - scammers, spammers etc. What are the justifications for that , it literary makes no sense to me. In any other business if you do thi
  13. [REDDIT] https://www.reddit.com/r/OutOfTheLoop/comments/1gqftbu/whats_going_on_with_the_department_of_government/ [archived]
    13 Nov 2024 · GAO has extensive protocols and procedures to support its independence. GAO only reports facts that are thoroughly researched and vetted and ...
  14. [REDDIT] https://www.reddit.com/r/CPA/comments/1djsmh5/does_anyone_have_a_good_summary_of_audits_under/
    Ok_Amphibian1010 Does anyone have a good summary of audits under GAO GAGAS? Is integrated audit required? Is integrated audit required for single audit / under Gagas?
  15. [REDDIT] https://www.reddit.com/r/changemyview/comments/req4bc/cmv_gun_control_in_the_united_states_is_a_lost/
    12 Dec 2021 · TL;DR: the data directly links gun violence to handguns which are often ignored in gun rights conversations
  16. [REDDIT] https://www.reddit.com/t/gao/ [archived]
    This is the official community for Genshin Impact (原神), the latest open-world action RPG from HoYoverse. The game features a massive, gorgeous map, an elaborate elemental combat system, engaging storyline & characters, co-op game mode, soothing soundtrack, and much more for you t
Government Purchase of Commercial Location Data: Warrantless Surveillance Via Data Broker Loophole — SHARES-ACTOR (OUTGOING)GOVERNMENT PURCHASE OF CO…GAO Methodology for Civil Rights Impact Assessment in Data Broker AuditsGAO METHODOLOGY FOR CIVIL R…THIS FILESHARES-ACTOR