OMB adds guidance on privacy

OMB points out existing requirements and adds new guidance on matching citizens' personal information across agencies

"Guidance on Inter-Agency Sharing of PersonalData - Protecting Personal Privacy"

In the latest of a series of privacy memorandums, the Office of Management and Budget points out existing requirements and adds new guidance on matching citizens' personal information across agencies.

Agencies often share information to establish or verify an individual's eligibility for federal benefits programs or to collect payments or delinquent debts. This enables agencies to reduce errors and prevent fraud.

As agencies process more data in electronic form under the Government Paperwork Elimination Act, it will become easier to share such information, so agencies must have limits and guidelines, OMB Director Jacob Lew wrote in the latest guideline memo, released in December.

The new memo reminds agencies of the requirements—including notification, consent, accuracy and security requirements—already in place under the Computer Matching and Privacy Protection Act of 1988, an amendment to the Privacy Act of 1974.

The memo also outlines additional guidance that will be relevant as information technology moves forward.

The first is a recommendation that agencies share only information that is needed for a particular program. "In the computer world, it is far easier to implement sharing of only a narrow range of information," the memo states.

OMB also suggests that agencies should put in place mechanisms to ensure that officials are held responsible for the shared information. Such mechanisms include training programs that stress accountability and explain the penalties for breaches of confidentiality.

And the memo highlights a year-old initiative outlined by President Clinton in the fiscal 2001 budget for agencies to outline "privacy impact assessments" as part of the development of new federal IT systems.

In February 2000, the federal CIO Council voted the Internal Revenue Service's privacy impact assessment as a best practice, and it is available on the council's Web site (www.cio.gov/docs/IRS.htm).