OMB and GAO disagree over privacy compliance

The Office of Management and Budget and the General Accounting Office are butting heads over the ability of agencies to assure the protection of individual privacy rights in agency systems.

In a GAO report (PDF) released yesterday for Sen. Joseph I. Lieberman (D-Conn.), ranking member of the Governmental Affairs Committee, the audit agency found that agency compliance with the Privacy Act of 1974 is uneven across agencies.

The report said OMB needs to provide additional guidance on how to secure electronic records, make compliance a higher priority in agencies and provide resources for training employees about privacy.

“OMB has not responded to long-standing agency requests or to our recommendations for improved guidance,” GAO said.

John Graham, OMB administrator for the Office of Information and Regulatory Affairs, and Mark Forman, OMB administrator for e-government and IT, in responding to the draft report, said GAO’s report has a “fundamental flaw” because it treats various provisions in the Privacy Act as equally important.

OMB also called GAO’s nine recommendations “vague and nebulous.”

Lieberman also criticized the administration’s effort. He said the administration needs to do a better job in bringing privacy policies up-to-date.

“People will never feel comfortable interacting with the government unless their personal information is kept private and secure,” he said. “The administration needs to act quickly to strengthen privacy protections by committing more focused leadership and greater resources to protecting the public’s privacy.”

He noted that only one OMB employee handles all governmentwide privacy issues, which represents insufficient attention to the matter.

GAO found:

  • 29 percent of agencies disclose personal information to nonfederal organizations without making sure the information is complete, accurate, relevant and timely.


  • 21 percent of the agency officials surveyed did not have the means to detect when persons, without authorization, were reading, altering, disclosing or destroying personal information.


  • 25 percent of agencies did not have policies and procedures in place to determine whether the personal information collected is actually required.


  • OMB is developing new privacy guidance, which is due out this summer. The guidance likely will require agencies to perform privacy assessments on new systems, an OMB official said in June. (Click for GCN story).

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.

    Featured

    • Defense
      The Pentagon (Photo by Ivan Cholakov / Shutterstock)

      DOD CIO hits pause on JEDI cloud acquisition

      Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

    • Cybersecurity
      By Gorodenkoff shutterstock ID 761940757

      Waging cyber war without a rulebook

      As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

    • Government Innovation Awards
      Government Innovation Awards - https://governmentinnovationawards.com

      Deadline extended for Rising Star nominations

      You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

    Stay Connected

    FCW Update

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.