OMB and GAO disagree over privacy compliance

The Office of Management and Budget and the General Accounting Office are butting heads over the ability of agencies to assure the protection of individual privacy rights in agency systems.

In a GAO report (PDF) released yesterday for Sen. Joseph I. Lieberman (D-Conn.), ranking member of the Governmental Affairs Committee, the audit agency found that agency compliance with the Privacy Act of 1974 is uneven across agencies.

The report said OMB needs to provide additional guidance on how to secure electronic records, make compliance a higher priority in agencies and provide resources for training employees about privacy.

“OMB has not responded to long-standing agency requests or to our recommendations for improved guidance,” GAO said.

John Graham, OMB administrator for the Office of Information and Regulatory Affairs, and Mark Forman, OMB administrator for e-government and IT, in responding to the draft report, said GAO’s report has a “fundamental flaw” because it treats various provisions in the Privacy Act as equally important.

OMB also called GAO’s nine recommendations “vague and nebulous.”

Lieberman also criticized the administration’s effort. He said the administration needs to do a better job in bringing privacy policies up-to-date.

“People will never feel comfortable interacting with the government unless their personal information is kept private and secure,” he said. “The administration needs to act quickly to strengthen privacy protections by committing more focused leadership and greater resources to protecting the public’s privacy.”

He noted that only one OMB employee handles all governmentwide privacy issues, which represents insufficient attention to the matter.

GAO found:

  • 29 percent of agencies disclose personal information to nonfederal organizations without making sure the information is complete, accurate, relevant and timely.


  • 21 percent of the agency officials surveyed did not have the means to detect when persons, without authorization, were reading, altering, disclosing or destroying personal information.


  • 25 percent of agencies did not have policies and procedures in place to determine whether the personal information collected is actually required.


  • OMB is developing new privacy guidance, which is due out this summer. The guidance likely will require agencies to perform privacy assessments on new systems, an OMB official said in June. (Click for GCN story).

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.

    Featured

    • Defense

      DOD wants prime contractors to be 'help desk' for new cybersecurity model

      The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

    • FCW Perspectives
      tech process (pkproject/Shutterstock.com)

      Understanding the obstacles to automation

      As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

    Stay Connected

    FCW INSIDER

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.