Agencies' Implementation of and Compliance With the Privacy Act Can Be Improved
LCD-78-115: Published: Jun 6, 1978. Publicly Released: Jun 6, 1978.
- Full Report:
The Privacy Act of 1974 provides certain safeguards to individuals against invasion of privacy by requiring federal agencies to establish rules and procedures for maintaining and protecting personal data in agency record systems. As of December 31, 1976, federal agencies had 6,753 systems of records which contained 3.85 billion records about individuals and operating costs relevant to the act for the year ended September 30, 1976, were an estimated $36.6 million.
Agencies are making a concerted effort to implement and comply with provisions of the act, but improvements are needed. Three systems of records had not been published in the Federal Register, but action was being taken to comply with this requirement. In several instances, forms used for collecting information from individuals did not contain required notices about information disclosure. According to officials, a policy of providing access to information was followed, and data identifying confidential sources of information were deleted. Agencies must keep an accurate accounting of statistics for certain disclosures, and the accounting must be available to the subject upon request. The estimated cost for agencies to account for disclosures for the year ended September 30, 1976, was $9.4 million. The adequacy of disclosure accounting could not be readily determined because of the methods used. Reductions in paperwork and staff time might be achieved by eliminating duplication and changing certain accounting procedures. Employees were receiving Privacy Act training, but the adequacy of training was not fully evaluated.
Recommendation for Executive Action
Comments: Please call 202/512-6100 for additional information.
Recommendation: The Office of Management and Budget should: (1) encourage heads of departments and agencies to review periodically the manner in which requirements of the act are being fulfilled to determine needs for additional training or other action; (2) emphasize the opportunities for reducing the cost of accounting for disclosures, with a view toward eliminating duplication and paperwork; (3) determine whether agencies should be required to maintain accountings for disclosures from locator files where individuals have authorized release of such information; and (4) advise agencies to make greater use of one-time Privacy Act notices or revise forms to incorporate notices.