Computer matching is a powerful data surveillance tool widely used by government agencies since its emergence in 1976. Computer matching involves the merger of data from multiple sources: data gathered for different purposes, subject to different definitions, and of variable quality. It is a mass dataveillance technique, for its purpose is to generate suspicions that errors, misdemeanors or fraud have occurred. For many years, computer matching activities were carried out in semi-secrecy. The purpose of this paper is to propose a framework within which effective regulation can be imposed on this dangerous technique. This article commences by providing background to computer matching’s origins and nature. Its impacts are then discussed, in order to establish that there is a need for controls. Intrinsic controls are assessed, and found wanting. A set of features for a satisfactory external control regime is then presented. This article provides a basis for evaluating the protective measures which are in force in at least four jurisdictions, and guidance for legislators in others.
Roger A. Clarke, A Normative Regulatory Framework for Computer Matching, 13 J. Marshall J. Computer & Info. L. 585 (1995)