Government Privacy Protections Fall Short

WASHINGTON – Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., in releasing a General Accounting Office report on federal privacy protections, said Wednesday the government needs to improve its protection of personal information maintained on all citizens within government databases. Citizens are often required to provide the government with personal information about themselves, their spouses and their children – income levels and medical histories, for example – in order to obtain government services or benefits, or to pay their taxes.

“People will never feel comfortable interacting with the government unless their personal information is kept private and secure,” Lieberman said. “Yet GAO’s report today makes it very clear the government cannot adequately assure the public its privacy rights are being protected. The Administration needs to act quickly to strengthen privacy protections, by committing more focused leadership and greater resources to protecting the public’s privacy. Right now, only one person is assigned to the Office of Management and Budget to handle all government-wide privacy issues. That is simply unacceptable, given the importance of this issue to the general public.” Lieberman has a longstanding commitment to protection of individuals’ privacy. The E-Government Act of 2002, which Lieberman authored, contains sweeping new protections of personal privacy, including a requirement that federal agencies complete Privacy Impact Assessments for new information technology systems and new information collections. The Governmental Affairs Committee also has oversight over federal government privacy issues, including the Privacy Act. Lieberman called on the Administration to show a greater commitment to bringing privacy policies up to date. “Advances in information technology and the Internet have dramatically increased the federal government’s ability to collect, analyze, and disclose personal information about many private aspects of citizens’ lives,” he said. “That’s why I pushed for enactment of new privacy protections in the E-Government Act. I am concerned that the Administration still hasn’t released required guidance to agencies on how to implement those privacy provisions, more than seven months after the Act’s passage.” GAO surveyed the privacy practices and procedures of 25 federal agencies for its report, entitled, “Privacy Act: OMB Leadership Needed to Improve Agency Compliance.” The GAO also conducted a forum on Privacy Act issues with representatives of 24 federal agencies. Among the report’s most important findings: • Compliance with the Privacy Act was uneven across agencies. • In nearly one out of three instances (29 percent) when agencies disclosed personal information to non-federal organizations, the agencies did not have procedures in place to ensure that the personal information disclosed was complete, accurate, relevant, and timely, as required by the Privacy Act. • In one out of five systems (21 percent), agency officials did not have the means to detect when persons, without authorization, were reading, altering, disclosing, or destroying information in the system. • Eight of the 25 federal agencies did not have the required policies and procedures to determine, before information systems become operational, whether all the personal information to be collected is actually needed. Agency officials acknowledge this uneven compliance. Among the reasons they cite are the lack of OMB leadership and guidance, the low priority that agencies assign to privacy issues, and lack of employee training on the Privacy Act. The GAO report also noted that only one OMB official is dedicated to Privacy Act issues and other government-wide privacy policies full time. That official is a civil servant within the Information Branch of the Office of Information and Regulatory Affairs.