Government Accountability Office Releases Three Reports on Privacy
Disclosure: I have worked with the GAO on a number of privacy issues.
The Government Accountability Office (GAO) is the investigative arm of Congress. It recently released three reports on privacy. Members of Congress who request the reports are allowed to hold the reports for up to 30 days before releasing them to the public, so some reports have dates from several weeks ago. Read coverage about these reports at USA Today.
Alternatives Exist for Enhancing Protection of Personally Identifiable Information, GAO-08-536, April 19, 2008. Full report (pdf).
“The centerpiece of the federal government’s legal framework for privacy protection, the Privacy Act of 1974, provides safeguards for information maintained by federal agencies. In addition, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for systems or collections containing personal information. GAO was asked to determine whether laws and guidance consistently cover the federal government’s collection and use of personal information and incorporate key privacy principles. GAO was also asked, in doing so, to identify options for addressing these issues. To achieve these objectives, GAO analyzed the laws and related guidance, obtained an operational perspective from federal agencies, and consulted an expert panel convened by the National Academy of Sciences.”
Agencies Should Ensure That Designated Senior Officials Have Oversight of Key Functions, GAO-08-603, May 30, 2008. Full report (pdf).
“Government agencies have a long-standing obligation under the Privacy Act of 1974 to protect the privacy of individuals about whom they collect personal information. A number of additional laws have been enacted in recent years directing agency heads to designate senior officials as focal points with overall responsibility for privacy. GAO was asked to (1) describe laws and guidance that set requirements for senior privacy officials within federal agencies, and (2) describe the organizational structures used by agencies to address privacy requirements and assess whether senior officials have oversight over key functions. To achieve these objectives, GAO analyzed the laws and related guidance and analyzed policies and procedures relating to key privacy functions at 12 agencies.”
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information, GAO-08-795T, June 18, 2008. Full report (pdf).
“Concerns have been raised about the privacy and security of personal information in light of advances in information technology and the increasingly sophisticated ways in which the government obtains and uses information. Federal agencies’ use of personal information is governed by the Privacy Act of 1974 and the E-Government Act of 2002, while the Office of Management and Budget (OMB) provides implementation guidance and oversight. These laws and guidance are based on the Fair Information Practices, a set of widely accepted principles for protecting privacy. GAO was asked to testify on its report, being released today, concerning the sufficiency of privacy protections afforded by existing laws and guidance. To do this, GAO analyzed privacy laws and guidance, compared them with the Fair Information Practices, and obtained perspectives from federal agencies as well as an expert forum.”
Possibly related posts: