Critical Read

GAO: Better guidance needed on Computer Matching Act

Placeholder Image for Article Template

What: A report on agencies' efforts to share information under the Computer Matching Act, produced by the Government Accountability Office in response to a request from several lawmakers on the Senate Homeland Security and Governmental Affairs Committee.

Why: According to GAO, the Office of Management and Budget is failing to provide agencies with consistent guidance on how to comply with the demands of the Computer Matching Act, which comes into play when federal agencies seek to analyze data across systems to catch improper or duplicate payments made via government benefit programs.

Matching programs governed by the act include E-Verify, which employers use to make sure new hires are eligible to work in the United States, and the Secure Flight program, which checks airline passenger manifests against the government's No Fly List. However, as the report notes, "without adequate protection, individuals' information could be compromised through inappropriate use, modification or disclosure."

A law enacted in January 2013 exempts one key government dataset, the Social Security Administration's Death Master File, from the Computer Matching Act's oversight. Other exemptions are designed to prevent prison inmates from collecting benefits and keep medical providers from receiving fraudulent payments under Medicare and Medicaid.

Agencies are subject to strict rules when it comes to forging matching agreements with other agencies, including details on the data, the purpose, expected cost savings, provisions for guaranteeing the integrity and accuracy of the data, and a description of how the security of records is to be maintained. Congress and OMB must be notified, and notice of the agreement must be published in the Federal Register.

Although OMB is responsible for issuing guidelines for complying with the administrative rules for matching agreements, the GAO report indicates that there is no current checklist for agencies to follow. Officials at three agencies indicated that they used a 1986 GAO report on computer agreements as a guide to complying with the law. "OMB has provided little assistance to agencies in implementing the act, which may contribute to inconsistent implementation," GAO auditors wrote.

Verbatim: "OMB guidance does not resolve questions about what types of matching are covered by the act, as well as how to assess costs and benefits, resulting in confusion among the agencies. Without clearer guidance and assistance from OMB, the agencies we reviewed are likely to continue implementing the act inconsistently and potentially conducting computer matching programs that are neither cost-effective nor protective of privacy, as provided for by the act."

Full report:

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.