Privacy report draws OMB's ire

Privacy Act: OMB Leadership Needed to Improve Agency Compliance

The Bush administration and the General Accounting Office last month offered starkly different views of how agencies are dealing with citizens' privacy.

GAO officials, in a report released July 30, concluded that "the government cannot adequately assure the public that all legislated individual privacy rights are being protected" because of uneven compliance with Privacy Act requirements.

The report emphasizes a need for further leadership and guidance from the Office of Management and Budget. OMB is also responsible for developing guidelines and regulations, and providing continuing assistance and oversight of agencies' implementation of act mandates.

The report drew heavy criticism from OMB officials, who responded in a detailed, 10-page letter signed by Mark Forman, administrator of the agency's Office of E-Government and Information Technology, and John Graham, administrator of the Office of Information and Regulatory Affairs.

"We believe that the draft report's conclusion — namely that if its recommendations are not adopted, [the government cannot assure that individual privacy rights are being protected] — lacks a solid factual foundation and therefore borders on the reckless and irresponsible," the letter says.

Calling the report "fundamentally flawed," OMB officials cite in the letter several weaknesses in GAO's study.

They felt the report seriously understates that the agencies involved in the study reported 100 percent compliance with the act's prohibition of unauthorized disclosures.

GAO officials disputed OMB's claim that the report has an "extremely limited nature and scope," noting that the study included 25 agencies in an attempt to gain a proper cross-section of both large and small organizations.

OMB officials further complained that the report offers no proposed actions that should be taken to improve leadership and guidance because it does not include specific deficiencies by specific agencies. GAO instead offers a broad range of requirements and states that it will provide additional details to help OMB in its efforts.

On this point, OMB has gained some public support.

"The administration is right to some degree," said Ari Schwartz, associate director of the Center for Democracy and Technology. "For GAO to really give a viewpoint on privacy, they need to go back into the agencies and look at exactly what the agencies are doing instead of what they say they are doing."

However, Schwartz said he feels the report's limited scope does not excuse OMB from the responsibility of leading agencies toward compliance.

"OMB needs to take a step back from the details of the report and look at the bigger picture," he said. "The methodology could have been better, but this is a report about leadership and there's a real lack of leadership on this issue."

***

Eyeing privacy

The following agencies have designated privacy officers:

* Homeland Security Department — the only one required by law.

* Internal Revenue Service.

* U.S. Postal Service.

Source: Center for Democracy and Technology