Skip to main content

Information Management: Selected Agencies' Handling of Personal Information

GAO-02-1058 Published: Sep 30, 2002. Publicly Released: Oct 30, 2002.
Jump To:
Skip to Highlights

Highlights

To obtain government services, members of the public must often provide agencies with personal information, which includes both identifying information (such as name or Social Security number, which can be used to locate to identify someone) and nonidentifying information (such as age or gender). GAO was asked to review agencies' handling of the personal information they collect and whether this handling conforms with federal law, regulation, and agency guidance.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Labor In order to meet the requirements of the Privacy Act and other relevant laws and guidance protecting personally identifiable information, the Secretary of Labor should ensure that the appropriate agency officials review their data collection forms to ensure that the electronic forms (1) include the Paperwork Reduction Act and Privacy Act statements and all notices, as appropriate; and (2) are valid and up to date.
Closed – Implemented
In response to another GAO report (GAO-05-424), the Department of Labor added the required information to all public use forms on its web sites that were identified as lacking information required by the Paperwork Reduction Act. In addition, it has centralized the management of its web sites within the Office of Public Affairs, plans to annually audit its agencies' web sites to ensure that all forms display a currently valid OMB control number and other required information, is amending its policies to require that all discontinued forms be removed from the web site within 5 business days, and is developing a checklist of required PRA information to ensure it is clearly displayed on forms.
Department of Agriculture The Secretary of Agriculture should ensure that Agriculture officials periodically determine that notices of how they share personal information from their data collections are still valid.
Closed – Implemented
In August 2003, USDA's Deputy Chief Information Officer notified GAO that USDA has placed increased emphasis on the requirements of the Privacy Act as they increase electronic interactions with their customers. Also, agency officials have been requested to review their system of record notices including how they share personal information via the "routine use" authority in the Privacy Act. In addition, a memorandum will be sent to all agency privacy officials advising them to review and update the accuracy and relevance of their Privacy Act notices where necessary.

Full Report

Office of Public Affairs

Topics

Data collectionInformation resources managementRecords managementRight of privacyInformation managementPersonally identifiable informationPrivacy rightsEmployee compensationInformation collectionInformation security