Privacy Act: Federal Agencies' Implementation Can Be Improved
GGD-86-107
Published: Aug 22, 1986. Publicly Released: Sep 04, 1986.
Skip to Highlights
Highlights
In response to a congressional request, GAO examined federal agencies' implementation of the Privacy Act of 1974, which protects personal privacy. GAO specifically examined: (1) the roles of agency Privacy Act officers; and (2) agencies' adherence to the act's provisions and Office of Management and Budget (OMB) guidelines.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of Management and Budget | The Director, OMB, should actively oversee agencies' implementation of the Privacy Act by following up periodically to ensure agencies' adherence to OMB Circular A-130 and other OMB guidance. |
Closed – Not Implemented
OMB believes that desk officers fulfill the type of oversight envisioned by the framers of the Privacy Act. It has modified annual reporting requirements to provide more information for desk officer review.
|
| Office of Management and Budget | The Director, OMB, should direct agencies to: (1) review and update, or prepare, directives that clearly delegate responsibilities and establish accountability for all Privacy Act functions; (2) specifically assign to the Privacy Act officers coordinating responsibilities for all Privacy Act activities and ensure that the officers have the resources to fulfill these responsibilities; (3) systematically assess and provide for Privacy Act training to ensure that personnel are aware of the act's requirements and OMB guidance pertaining to such functions as conducting detailed risk assessments, automating systems of records, and conducting computer matching programs; and (4) assign responsibility for evaluating Privacy Act operations and monitoring implementation of any recommended improvements. |
Closed – Not Implemented
OMB has not completed action on all of the recommendations. It disagreed with the part of this recommendation to assign Privacy Act officers coordinating responsibilities and additional resources because it believes that agencies need latitude to allocate resources.
|
| Office of Management and Budget | The Director, OMB, should review and clarify its: (1) OMB Circular A-130 guidance on automating records systems by providing more specific criteria on when agencies are to prepare a new system report and notice, to ensure greater consistency within and among agencies in recognizing the need to provide advance public notice and reports to OMB and Congress; (2) computer matching guidelines by stating that agencies are to annually report to OMB all participation in matching programs initiated in prior years but conducted on a recurring basis, to contribute to more complete data in the OMB annual report to Congress; (3) computer matching guidelines by providing for public notice of computer matching programs conducted by organizations not covered by the act when Privacy Act systems of records are disclosed by federal agencies; and (4) computer matching guidelines by instructing agencies to notify OMB when they believe they are exempt from OMB guidelines. |
Closed – Implemented
The passage of the Computer Matching and Privacy Protection Act of 1988 provided the anticipated clarification in guidance.
|
Full Report
Office of Public Affairs
Topics
Confidential communicationsFederal agenciesInformation disclosureInformation systemsPrivacy lawRight of privacyComputer matchingPaperwork reductionPrivacy rightsData automation