OMB and GAO disagree over privacy compliance
- By Jason Miller
- Jul 31, 2003
The Office of Management and Budget and the General Accounting Office are butting heads over the ability of agencies to assure the protection of individual privacy rights in agency systems.
In a GAO report (PDF)
released yesterday for Sen. Joseph I. Lieberman (D-Conn.), ranking member of the Governmental Affairs Committee, the audit agency found that agency compliance with the Privacy Act of 1974 is uneven across agencies.
The report said OMB needs to provide additional guidance on how to secure electronic records, make compliance a higher priority in agencies and provide resources for training employees about privacy.
'OMB has not responded to long-standing agency requests or to our recommendations for improved guidance,' GAO said.
John Graham, OMB administrator for the Office of Information and Regulatory Affairs, and Mark Forman, OMB administrator for e-government and IT, in responding to the draft report, said GAO's report has a 'fundamental flaw' because it treats various provisions in the Privacy Act as equally important.
OMB also called GAO's nine recommendations 'vague and nebulous.'
Lieberman also criticized the administration's effort. He said the administration needs to do a better job in bringing privacy policies up-to-date.
'People will never feel comfortable interacting with the government unless their personal information is kept private and secure,' he said. 'The administration needs to act quickly to strengthen privacy protections by committing more focused leadership and greater resources to protecting the public's privacy.'
He noted that only one OMB employee handles all governmentwide privacy issues, which represents insufficient attention to the matter.
GAO found:29 percent of agencies disclose personal information to nonfederal organizations without making sure the information is complete, accurate, relevant and timely.21 percent of the agency officials surveyed did not have the means to detect when persons, without authorization, were reading, altering, disclosing or destroying personal information.25 percent of agencies did not have policies and procedures in place to determine whether the personal information collected is actually required.
OMB is developing new privacy guidance, which is due out this summer. The guidance likely will require agencies to perform privacy assessments on new systems, an OMB official said in June. (Click for GCN story)