Ensuring That Agencies Protect Privacy
In the information age, agencies increasingly collect and process personal information in new ways.
- The standard in both the private sector and the government has become Internet-based exchanges of information, leading to increased pressure to use electronic information (for example, to implement electronic health records).
- In the post-9/11 environment, agencies have felt an increasing urgency to access, analyze, and share large amounts of personal information to ensure the security of the homeland.
However, the government’s approach to protecting personal privacy is becoming outdated.
Highlights of GAO-08-536 (PDF)
- The primary law controlling federal agency privacy-related actions is the Privacy Act, which was passed in 1974.
- The law was put in place long before current technologies were developed and is now inadequate.
- OMB is responsible for overseeing the implementation of the Privacy Act and other related laws and issuing guidance.
- However, it has not issued comprehensive guidance on privacy protection since 1975.
- Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information
- GAO-08-536, May 19, 2008
- Summary (HTML) Highlights Page (PDF) Full Report (PDF, 77 pages) Accessible Text Recommendations (HTML)
^ Back to topWhat Needs to Be Done
Although congressional action may be needed to modify the Privacy Act, OMB could enhance protection of personally identifiable information through revisions or supplements to its privacy guidance.
Highlights of GAO-08-536 (PDF)