Ensuring Privacy Protections in a Post-9/11 Environment

What Needs to Be Done | Key Reports

The increasingly sophisticated ways in which the federal government obtains and uses personal information could assist in critical functions, such as preventing terrorism, but also raise challenges in ensuring that privacy is protected.

  • In 2003, GAO reported that although agency compliance with the Privacy Act was high in many areas, it was uneven across the federal government.
    Highlights of GAO-03-304 (PDF)
  • Federal agency use of personal information is governed primarily by the Privacy Act of 1974 and the E-Government Act of 2002. However, concerns have been raised that the framework of legal mechanisms for protecting personal privacy may no longer be sufficient given current information uses.
    Highlights of GAO-08-795T (PDF)
    • For example, the Privacy Act’s protections apply not to all personal information collected and maintained by the federal government but only to information held in “systems of records” in which information is retrieved by a personal identifier.
  • Many concerns have also been raised about the quality and efficacy of Privacy Act public notices—the major avenue used to inform the public about the government’s use of personal information.
    Highlights of GAO-08-536 (PDF)

^ Back to topWhat Needs to Be Done

GAO has suggested that Congress consider amending applicable laws to better ensure the protection of citizens’ privacy rights.

Highlights of GAO-08-795T (PDF)

  • In addition, although it has not made specific recommendations, GAO noted that the Office of Management and Budget (OMB) could enhance protection of personally identifiable information through revisions or supplements to its privacy guidance.
    Highlights of GAO-03-304 (PDF)

^ Back to topKey Reports

Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information
GAO-08-536, May 19, 2008
Summary (HTML)   Highlights Page (PDF)   Full Report (PDF, 77 pages)   Accessible Text   Recommendations (HTML)
Personal Information: Agency and Reseller Adherence to Key Privacy Principles
GAO-06-421, April 4, 2006
Summary (HTML)   Highlights Page (PDF)   Full Report (PDF, 93 pages)   Accessible Text   Recommendations (HTML)
Privacy Act: OMB Leadership Needed to Improve Agency Compliance
GAO-03-304, June 30, 2003
Summary (HTML)   Highlights Page (PDF)   Full Report (PDF, 82 pages)   Accessible Text   Recommendations (HTML)
GAO Contact
Portrait of Joel C. Willemssen

Joel C. Willemssen

Managing Director, Information Technology

willemssenj@gao.gov

(202) 512-6222