OMB and GAO disagree over privacy compliance

The Office of Management and Budget and the General Accounting Office are butting heads over the ability of agencies to assure the protection of individual privacy rights in agency systems.

In a GAO report (PDF) released yesterday for Sen. Joseph I. Lieberman (D-Conn.), ranking member of the Governmental Affairs Committee, the audit agency found that agency compliance with the Privacy Act of 1974 is uneven across agencies.

The report said OMB needs to provide additional guidance on how to secure electronic records, make compliance a higher priority in agencies and provide resources for training employees about privacy.

“OMB has not responded to long-standing agency requests or to our recommendations for improved guidance,” GAO said.

John Graham, OMB administrator for the Office of Information and Regulatory Affairs, and Mark Forman, OMB administrator for e-government and IT, in responding to the draft report, said GAO’s report has a “fundamental flaw” because it treats various provisions in the Privacy Act as equally important.

OMB also called GAO’s nine recommendations “vague and nebulous.”

Lieberman also criticized the administration’s effort. He said the administration needs to do a better job in bringing privacy policies up-to-date.

“People will never feel comfortable interacting with the government unless their personal information is kept private and secure,” he said. “The administration needs to act quickly to strengthen privacy protections by committing more focused leadership and greater resources to protecting the public’s privacy.”

He noted that only one OMB employee handles all governmentwide privacy issues, which represents insufficient attention to the matter.

GAO found:

  • 29 percent of agencies disclose personal information to nonfederal organizations without making sure the information is complete, accurate, relevant and timely.


  • 21 percent of the agency officials surveyed did not have the means to detect when persons, without authorization, were reading, altering, disclosing or destroying personal information.


  • 25 percent of agencies did not have policies and procedures in place to determine whether the personal information collected is actually required.


  • OMB is developing new privacy guidance, which is due out this summer. The guidance likely will require agencies to perform privacy assessments on new systems, an OMB official said in June. (Click for GCN story).

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.

    Featured

    • Management
      people standing on keyboard (Who is Danny/Shutterstock.com)

      OPM-GSA merger plan detailed in legislative proposal

      The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

    • Cloud
      cloud applications (chanpipat/Shutterstock.com)

      GSA plans civilian DEOS counterpart

      GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

    • Defense
      software (whiteMocca/Shutterstock.com)

      DOD looks to unify software spending for 2020

      Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

    Stay Connected

    FCW INSIDER

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.