OMB and GAO disagree over privacy compliance

The Office of Management and Budget and the General Accounting Office are butting heads over the ability of agencies to assure the protection of individual privacy rights in agency systems.

In a GAO report (PDF) released yesterday for Sen. Joseph I. Lieberman (D-Conn.), ranking member of the Governmental Affairs Committee, the audit agency found that agency compliance with the Privacy Act of 1974 is uneven across agencies.

The report said OMB needs to provide additional guidance on how to secure electronic records, make compliance a higher priority in agencies and provide resources for training employees about privacy.

“OMB has not responded to long-standing agency requests or to our recommendations for improved guidance,” GAO said.

John Graham, OMB administrator for the Office of Information and Regulatory Affairs, and Mark Forman, OMB administrator for e-government and IT, in responding to the draft report, said GAO’s report has a “fundamental flaw” because it treats various provisions in the Privacy Act as equally important.

OMB also called GAO’s nine recommendations “vague and nebulous.”

Lieberman also criticized the administration’s effort. He said the administration needs to do a better job in bringing privacy policies up-to-date.

“People will never feel comfortable interacting with the government unless their personal information is kept private and secure,” he said. “The administration needs to act quickly to strengthen privacy protections by committing more focused leadership and greater resources to protecting the public’s privacy.”

He noted that only one OMB employee handles all governmentwide privacy issues, which represents insufficient attention to the matter.

GAO found:

  • 29 percent of agencies disclose personal information to nonfederal organizations without making sure the information is complete, accurate, relevant and timely.


  • 21 percent of the agency officials surveyed did not have the means to detect when persons, without authorization, were reading, altering, disclosing or destroying personal information.


  • 25 percent of agencies did not have policies and procedures in place to determine whether the personal information collected is actually required.


  • OMB is developing new privacy guidance, which is due out this summer. The guidance likely will require agencies to perform privacy assessments on new systems, an OMB official said in June. (Click for GCN story).

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.

    Featured

    • Congress
      Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

      Jim Langevin's view from the Hill

      As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

    • Comment
      Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

      How VA is disrupting tech delivery

      A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

    Stay Connected

    FCW INSIDER

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.