Skip to main content

Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information

GAO-08-536 Published: May 19, 2008. Publicly Released: Jun 18, 2008.
Jump To:
Skip to Highlights

Highlights

The centerpiece of the federal government's legal framework for privacy protection, the Privacy Act of 1974, provides safeguards for information maintained by federal agencies. In addition, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for systems or collections containing personal information. GAO was asked to determine whether laws and guidance consistently cover the federal government's collection and use of personal information and incorporate key privacy principles. GAO was also asked, in doing so, to identify options for addressing these issues. To achieve these objectives, GAO analyzed the laws and related guidance, obtained an operational perspective from federal agencies, and consulted an expert panel convened by the National Academy of Sciences.

Recommendations

Matter for Congressional Consideration

Matter Status Comments
In assessing the appropriate balance between the needs of the federal government to collect personally identifiable information for programmatic purposes and the assurances that individuals should have that their information is being sufficiently protected and properly used, Congress should consider amending applicable laws, such as the Privacy Act and the E-Government Act, according to the alternatives outlined in this report, including: revising the scope of the laws to cover all personally identifiable information collected, used, and maintained by the federal government; setting requirements to ensure that the collection and use of personally identifiable information is limited to a stated purpose; and establishing additional mechanisms for informing the public about privacy protections by revising requirements for the structure and publication of public notices.
Closed – Not Implemented
While the Senate considered amending applicable laws according to the alternatives outlined in our report, no such amendments have been passed by the Congress or enacted into law. Specifically, on October 18, 2011, Sen. Akaka introduced the Privacy Act Modernization for the Information Age Act of 2011, which would amend both the Privacy Act and E-Government Act to cover all personally identifiable information (PII) collected, used, and maintained by the federal government; set requirements to ensure all PII was used for stated purposes; and establish additional mechanisms for informing the public about privacy protections. The proposed act has not been passed.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Classified informationComputer securityConfidential informationE-governmentGovernment informationGovernment information disseminationInformation accessInformation disclosureInformation managementInformation securityInformation security managementInformation security regulationsInformation systemsInformation technologyPersonal securityPrivacy lawPrivacy policiesPrivacy policy violationProgram evaluationProgram managementRecords managementRegulatory agenciesReporting requirementsRight of privacyRisk assessmentRisk managementStrategic planningTechnologyProgram goals or objectives