From late 2004 to mid-2006, three ADVISE pilot programs – one focused on biological threats, another on weapons of mass destruction, and a third classified program to identify emerging threats – were not mere test beds working out technical bugs. Instead, they were "operational" and used "personally identifiable" data, without having conducted any privacy-risk assessments.

https://www.csmonitor.com/2007/0828/p01s02-usju.html