Federal Rulemaking: Selected Agencies Should Clearly Communicate Practices Associated with Identity Information in the Public Comment Process

Fast Facts

When federal agencies propose new rules, they usually provide an opportunity for public comment, but agencies aren't required to collect or verify commenters' identity information.

Mass mailing campaigns can result in thousands of duplicate comments. Agencies can post them individually, as attachments to a single comment, or as a count of duplicates received. Practices vary among agencies, within agencies, and for each rule.

The variation in how agencies post comments could create an inaccurate view of who submitted public comments. Our recommendations include more clearly communicating agencies' comment policies.

Man at computer looking at regulations.gov

Highlights

What GAO Found

The Administrative Procedure Act (APA) governs the process by which many federal agencies develop and issue regulations, which includes the public comment process (see figure below).

The Rulemaking Process under the Administrative Procedure Act

$U:\Work in Process\VCA_Graphics\FY 19\FAIS\102648_FAIS_GAO-19-486_Public_Comment_Identity_MCM\TIFF\102648_HL_5_v2_McM-01.tif$

Regulations.gov and agency-specific comment websites collect some identity information—such as name, email, or address—from commenters who choose to provide it during the public comment process. The APA does not require commenters to disclose identity information when submitting comments. In addition, agencies have no obligation under the APA to verify the identity of such parties during the rulemaking process.

GAO found that seven of 10 selected agencies have some internal guidance associated with the identity of commenters, but the substance varies, reflecting the differences among the agencies. The guidance most frequently relates to the comment intake or response to comment phases of the public comment process.

With the discretion afforded by the APA, selected agencies' treatment of commenters' identity information varies, particularly when posting duplicate comments (identical or near-identical comment text but varied identity information). Generally, officials told GAO that their agencies (1) post all comments within the comment system; or (2) maintain some comments outside of the system, such as in email file archives. For instance, one agency posts a single example of duplicate comments and indicates the total number of comments received. However, within these broad categories, posting practices vary considerably—even within the same agency—and identity information is inconsistently presented on public websites.

Selected agencies do not clearly communicate their practices for how comments and identity information are posted. GAO's key practices for transparently reporting government data state that federal government websites should disclose data sources and limitations to help public users make informed decisions about how to use the data. As a result, public users of the comment websites could reach inaccurate conclusions about who submitted a particular comment, or how many individuals commented on an issue.

Why GAO Did This Study

Federal agencies publish on average 3,700 proposed rules yearly and are generally required to provide interested persons (commenters) an opportunity to comment on these rules. In recent years, some high-profile rulemakings have received extremely large numbers of comments, raising questions about how agencies manage the identity information associated with comments. While the APA does not require the disclosure of identifying information from a commenter, agencies may choose to collect this information. This report examines (1) the identity information collected by Regulations.gov and agency-specific comment websites; (2) the guidance agencies have related to the identity of commenters; (3) how selected agencies treat identity information; and (4) the extent to which selected agencies clearly communicate their practices associated with identity information.

GAO selected a nongeneralizable sample of 10 federal agencies on the basis of large comment volume. GAO surveyed 52 program offices within these agencies about their comment process; and reviewed comment websites, agency guidance, and posted comment data. GAO also interviewed relevant agency officials.

Recommendations

GAO is making a total of eight recommendations to the selected agencies to more clearly communicate to the public their policies for posting comments and associated identity information to Regulations.gov and agency-specific comment websites. The selected agencies generally agreed with the recommendations.

Recommendations for Executive Action

Agency Affected	Recommendation	Status
Bureau of Land Management	The Director of the Bureau of Land Management (BLM) should create and implement a policy for standard posting requirements regarding comments and their identity information, particularly for duplicate comments, and should clearly communicate this policy to the public on the BLM website. (Recommendation 1)	Closed – Implemented In March 2020, BLM produced a policy stating that the agency may post a single example when it receives duplicate comments, along with a count of the number of duplicate comments received. Furthermore, the policy states that BLM does not require commenters to leave their identity information, but if commenters choose to do so, BLM cannot guarantee that this information will not be made public. BLM then communicated this policy on its website. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to BLM and posted to Regulations.gov.
Centers for Medicare & Medicaid Services	The Administrator of Centers for Medicare & Medicaid Services (CMS) should create and implement a policy for standard posting requirements regarding comments and their identity information, particularly for duplicate comments, and should clearly communicate this policy to the public on the CMS website. (Recommendation 2)	Closed – Implemented The Department of Health and Human Services, the department in which CMS is a component agency, concurred with this recommendation. In response, in December 2020, CMS provided a series of documents stating that the agency will post all comments, even if the content is identical or nearly identical to other comments. Furthermore, the documents state that any personally identifiable information that is included in a comment will be available for public viewing. CMS communicated this information on its website. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to CMS and posted to Regulations.gov.
Consumer Financial Protection Bureau	The Director of the Consumer Financial Protection Bureau (CFPB) should finalize its draft policy for posting comments and their identity information, particularly for duplicate comments, and clearly communicate it to the public on the CFPB website. (Recommendation 3)	Closed – Implemented CFPB concurred with the recommendation. In May 2020, CFPB finalized its internal procedures for docket management which describes the agency's policy of posting all comments with certain exceptions, including comments which are duplicate identical submissions. CFPB also communicated these posting practices on its website. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to CFPB and posted to Regulations.gov.
Employee Benefits Security Administration	The Assistant Secretary of Labor for the Employee Benefits Security Administration (EBSA) should 1. create and implement a policy for standard posting requirements regarding comments and their identity information, particularly for duplicate comments; 2. clearly communicate this policy to the public on the EBSA website; and 3. evaluate the duplicative practice of replicating rulemaking dockets on the EBSA website, to either discontinue the practice or include a reference to Regulations.gov and explanation of how the pages relate to one another. (Recommendation 4)	Closed – Implemented EBSA concurred with the recommendation. In September 2019, EBSA indicated that it had performed an informal evaluation of internal and external users. According to EBSA, these users preferred to have public comments available on EBSA's website rather than on Regulations.gov alone. In March 2021, EBSA notified us that it had updated its website to reflect its procedures for handling duplicate comments which mirror DOL's "Best Practices for Treatment of Comments during Informal Rulemaking" document. These best practices in conjunction with EBSA's website statement describe EBSA's policy for handling duplicate comments. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to EBSA and posted to Regulations.gov.
Environmental Protection Agency	The Administrator of the Environmental Protection Agency (EPA) should finalize its draft policy for posting comments and their identity information, particularly for duplicate comments, and clearly communicate it to the public on the EPA website. (Recommendation 5)	Closed – Implemented EPA concurred with the recommendation. In response, in June 2020, EPA finalized the EPA's Docket Center's Document Processing Standard Operating Procedure, which explains in detail when all duplicate comments are posted to Regulations.gov and when just one representative sample of duplicative comments is posted. EPA also communicated these posting practices on its website. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to EPA and posted to Regulations.gov.
United States Fish and Wildlife Service	The Director of the Fish and Wildlife Service (FWS) should create and implement a policy for standard posting requirements regarding comments and their identity information, particularly for duplicate comments, and should clearly communicate this policy to the public on the FWS website. (Recommendation 6)	Closed – Implemented FWS concurred with the recommendation. In response, in January 2020, FWS finalized the FWS Administrative Procedure which directs staff to create one public submission record for duplicate comments which will include a sample of the comment along with the total number of commenters. FWS also communicated these posting practices on its website. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to FWS and posted to Regulations.gov.
United States Securities and Exchange Commission	The Chairman of the Securities and Exchange Commission (SEC) should develop a policy for posting duplicate comments and associated identity information and clearly communicate it to the public on the SEC website. (Recommendation 7)	Closed – Implemented In September 2019, SEC revised its existing policy to include internal guidance on the process of posting duplicate comments. This policy states that when SEC receives duplicate comments, it will post the first version received along with a running total of how many of these comments were received. Additionally, SEC added language to the disclosure on the SEC website that articulates how it posts duplicate comments, including how SEC posts associated identity information. These measures will help public users better determine whether and how they can use the data associated with public comments.
Wage and Hour Division	The Administrator of the Wage and Hour Division (WHD) should clearly communicate its policy for posting comments and their identity information, particularly for duplicate comments, to the public on the WHD website. (Recommendation 8)	Closed – Implemented WHD concurred with the recommendation. in February 2020, WHD communicated its policy of posting grouped comments under a single document ID number and its policy of posting all personal information provided without change on its website. These measures will help public users better determine whether and how they can use the data associated with public comments submitted to WHD and posted to Regulations.gov.