Report: Privacy compliance is uneven

General Accounting Office reports

Related Links

Inconsistent compliance with the Privacy Act means the federal government cannot adequately assure the public that individual privacy is being protected under the law, federal auditors said.

After surveying the privacy practices and procedures of 25 federal agencies, the General Accounting Office determined that compliance with the act is uneven governmentwide. In a report released today, the auditors say the Office of Management and Budget needs to, among other things, improve monitoring of government actions, consider more guidance for agencies and raise agency awareness.

Sen. Joseph Lieberman (D-Conn.) demanded improved leadership from OMB and a stronger commitment from all agencies.

"GAO's report today makes it very clear the government cannot adequately assure the public its privacy rights are being protected," Lieberman said. "The [Bush] administration needs to act quickly to strengthen privacy protections, by committing more focused leadership and greater resources to protecting the public's privacy."

GAO found that in almost 30 percent of instances when agencies disclosed personal information to nonfederal organizations, procedures were not in place to ensure that the data disclosed was complete, accurate, relevant and timely, as the Privacy Act requires.

Auditors also identified weaknesses in security. According to their report, more than one out of every five agency officials does not have a way to detect when unauthorized persons were reading, altering, disclosing or destroying information in the system.

And the report states that eight of the 25 agencies studied do not have the required policies and procedures to determine whether all personal information collected was needed.

GAO blamed the privacy shortfall on a lack of leadership from OMB, employee training and emphasis on privacy issues. For instance, OMB has only one person assigned to handle governmentwide privacy issues.

"That is simply unacceptable, given the importance of this issue to the general public," Lieberman said.

The E-Government Act of 2002 requires that federal agencies complete Privacy Impact Assessments for new information technology systems and new information collections.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.