Who will have access to millions of Americans’ financial and health data?

Think the NSA data collection on your phone calls and Internet use is scary? Well, here comes Obamacare.

On October 1, the law’s insurance exchanges are scheduled to start open enrollment in all 50 states. In order to help people sign up for insurance and to determine which applicants are eligible for subsidies or Medicaid, the exchanges will need to collect both tax and health-care data for more than 7 million Americans. This means a new government bureaucracy will be in possession of these people’s financial, employment, and health information — everything from their income last year to the prescription drugs they take. What could possibly go wrong?


Start with the application process itself. Applicants will be assisted by thousands of “navigators,” who will provide advice and information about the program, help consumers differentiate between the types of insurance plans available, and assist them in completing the application process. Many navigators are expected to be drawn from pro-Obamacare organizations, such as Organizing for America, the Service Employees International Union (SEIU), and Planned Parenthood.

If you are among the millions of Americans forced to purchase insurance through an exchange, these navigators will have access to such sensitive information as your Social Security number, date of birth, bank account number, place of employment, and medical history. Some of the funds needed to hire and train the workers aren’t expected to be released until the end of August. This means that, in the 34 states where the federal government is running the exchanges, there will be just a month to hire and train thousands of workers. In a rush to have sufficient numbers of navigators in place by the October 1 deadline, the administration has reduced the amount of training required from 30 hours to just 20. Three training courses will be conducted online.


The majority of states don’t have any process in place for running criminal-background checks on applicants for these jobs, and there are no requirements that navigators be bonded. In fact, they don’t even need to have a high-school diploma. (The government does plan to use credit-rating agencies to check on the applicants, if that’s any comfort.)


In fact, the potential for identity theft is so great that even California’s insurance commissioner, David Jones, a Democrat and an ardent Obamacare supporter, recently warned, “We can have a real disaster on our hands.”


And as if the real navigators weren’t enough of a concern, the Federal Trade Commission is worrying about a massive opportunity for consumer fraud, with scam artists posing as navigators to take advantage of the unwary. “There’s no doubt in my mind that the fraudsters view it as an opportunity to rip people off,” warned Lois Greisman, an associate director at the Federal Trade Commission, who heads the Division of Marketing Practices. Yet the FTC has not yet developed policies for dealing with this expected wave of fraud.

Meanwhile, at the federal level, the administration is creating a giant “data hub,” which will be able to draw on records from at least seven different government agencies — the Internal Revenue Service, the Social Security Administration, the Department of Homeland Security, the Veterans Health Administration, the Department of Defense, the Office of Personnel Management, and the Peace Corps.


Would the government itself or any rogue employees ever misuse these data? History is full of examples of governments abusing the power to collect and retain information about their citizens. Given the track record of the past two administrations when it comes to privacy, one can’t be blamed for just a bit of paranoia.


Even if the data are not misused by anyone in authority, the data hub will be an inviting target for hackers and cybercriminals. According to the Government Accountability Office, “Federal agencies have reported increasing numbers of cybersecurity incidents that have placed sensitive information at risk, with potentially serious impacts on federal operations, assets, and people. . . . Over the past 6 years, the number of incidents reported by federal agencies . . . has increased from 5,503 in fiscal year 2006 to 48,562 incidents in fiscal year 2012, an increase of 782 percent.”

Furthermore, the data hub will be run by a contractor, not by the federal government. Unfortunately, in 2011, Serco, the British company hired for the job, was hacked, resulting in the theft of Social Security numbers and other personal information for some 120,000 participants in the federal Thrift Savings Plan. This does not exactly make one feel more secure.

Even worse, late last month, HHS’s Office of the Inspector General reported that the Obama administration has missed repeated deadlines for testing, reporting, and correcting security risks for the hub. HHS does not even expect a final security-control assessment until ten days before the hub is scheduled to begin operations, and it won’t certify the program’s security until September 30 — the day before it goes into effect. I guess that’s what one calls confidence.

The American people have rightly recoiled from privacy abuses in the name of fighting terror. The potential privacy threat from Obamacare is every bit as great. Where is Edward Snowden when we need him?

— Michael Tanner is a senior fellow at the Cato Institute and the author of Leviathan on the Right: How Big-Government Conservatism Brought Down the Republican Revolution.