Privacy Act:

Federal Agencies' Implementation Can Be Improved

GGD-86-107: Published: Aug 22, 1986. Publicly Released: Sep 4, 1986.

Additional Materials:

Contact:

L. Nye Stevens
(202) 275-8676
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In response to a congressional request, GAO examined federal agencies' implementation of the Privacy Act of 1974, which protects personal privacy. GAO specifically examined: (1) the roles of agency Privacy Act officers; and (2) agencies' adherence to the act's provisions and Office of Management and Budget (OMB) guidelines.

GAO found that: (1) approaches to implementing the act's regulations varied widely among the agencies; (2) agencies often failed to establish clear lines of responsibility and accountability for the act's functions; (3) agency Privacy Act officers had limited responsibilities, training, and resources to ensure compliance with the act; and (4) agencies need to improve adherence to OMB guidelines relating to activities, such as computer matching programs, risk assessments, evaluations, and training.

Recommendations for Executive Action

  1. Status: Closed - Not Implemented

    Comments: OMB believes that desk officers fulfill the type of oversight envisioned by the framers of the Privacy Act. It has modified annual reporting requirements to provide more information for desk officer review.

    Recommendation: The Director, OMB, should actively oversee agencies' implementation of the Privacy Act by following up periodically to ensure agencies' adherence to OMB Circular A-130 and other OMB guidance.

    Agency Affected: Executive Office of the President: Office of Management and Budget

  2. Status: Closed - Not Implemented

    Comments: OMB has not completed action on all of the recommendations. It disagreed with the part of this recommendation to assign Privacy Act officers coordinating responsibilities and additional resources because it believes that agencies need latitude to allocate resources.

    Recommendation: The Director, OMB, should direct agencies to: (1) review and update, or prepare, directives that clearly delegate responsibilities and establish accountability for all Privacy Act functions; (2) specifically assign to the Privacy Act officers coordinating responsibilities for all Privacy Act activities and ensure that the officers have the resources to fulfill these responsibilities; (3) systematically assess and provide for Privacy Act training to ensure that personnel are aware of the act's requirements and OMB guidance pertaining to such functions as conducting detailed risk assessments, automating systems of records, and conducting computer matching programs; and (4) assign responsibility for evaluating Privacy Act operations and monitoring implementation of any recommended improvements.

    Agency Affected: Executive Office of the President: Office of Management and Budget

  3. Status: Closed - Implemented

    Comments: The passage of the Computer Matching and Privacy Protection Act of 1988 provided the anticipated clarification in guidance.

    Recommendation: The Director, OMB, should review and clarify its: (1) OMB Circular A-130 guidance on automating records systems by providing more specific criteria on when agencies are to prepare a new system report and notice, to ensure greater consistency within and among agencies in recognizing the need to provide advance public notice and reports to OMB and Congress; (2) computer matching guidelines by stating that agencies are to annually report to OMB all participation in matching programs initiated in prior years but conducted on a recurring basis, to contribute to more complete data in the OMB annual report to Congress; (3) computer matching guidelines by providing for public notice of computer matching programs conducted by organizations not covered by the act when Privacy Act systems of records are disclosed by federal agencies; and (4) computer matching guidelines by instructing agencies to notify OMB when they believe they are exempt from OMB guidelines.

    Agency Affected: Executive Office of the President: Office of Management and Budget

 

Explore the full database of GAO's Open Recommendations »

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Nov 20, 2013

Oct 29, 2013

Sep 25, 2013

Looking for more? Browse all our products here