The centerpiece of the federal government's legal framework for privacy protection, the Privacy Act of 1974, provides safeguards for information maintained by federal agencies. In addition, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for systems or collections containing personal information. GAO was asked to determine whether laws and guidance consistently cover the federal government's collection and use of personal information and incorporate key privacy principles. GAO was also asked, in doing so, to identify options for addressing these issues. To achieve these objectives, GAO analyzed the laws and related guidance, obtained an operational perspective from federal agencies, and consulted an expert panel convened by the National Academy of Sciences.
Matter for Congressional Consideration
In assessing the appropriate balance between the needs of the federal government to collect personally identifiable information for programmatic purposes and the assurances that individuals should have that their information is being sufficiently protected and properly used, Congress should consider amending applicable laws, such as the Privacy Act and the E-Government Act, according to the alternatives outlined in this report, including: revising the scope of the laws to cover all personally identifiable information collected, used, and maintained by the federal government; setting requirements to ensure that the collection and use of personally identifiable information is limited to a stated purpose; and establishing additional mechanisms for informing the public about privacy protections by revising requirements for the structure and publication of public notices.

While the Senate considered amending applicable laws according to the alternatives outlined in our report, no such amendments have been passed by the Congress or enacted into law. Specifically, on October 18, 2011, Sen. Akaka introduced the Privacy Act Modernization for the Information Age Act of 2011, which would amend both the Privacy Act and E-Government Act to cover all personally identifiable information (PII) collected, used, and maintained by the federal government; set requirements to ensure all PII was used for stated purposes; and establish additional mechanisms for informing the public about privacy protections. The proposed act has not been passed.