US agencies 47 years behind with privacy law

Just one in 17 U.S. federal agencies have been able to comply with year-old requirements for getting consent to disclose personal information, according to the Government Accountability Office. Agencies are behind in equal measure in accepting digital ID for identity proofing and authentication.

The GAO is the Congress’ investigator and auditor of the executive branch, and many an agency head has read an evaluation of their efforts with discomfort.

In this case, the GAO was checking to see if consent procedures, required to be implemented by November 2021 by another government watch dog, are in place.

Only the Securities and Exchange Commission had set up digital privacy processes required by the Office of Management and Budget, the GAO’s counterpart in the legislative branch.

The same guidance instructed agencies to accept digital identity proofing and authentication. This requirement was also unmet by 16 out of 17, with the SEC the exception.

The State, Treasury and Social Security departments have each reached the testing stage for accepting digital ID. Four more are at the development stage.

The need to safeguard personal data ought not have surprised anyone. It is spelled out int the Privacy Act of 1974, which among other provisions mandates that prior written consent of anyone in a record should be acquired prior to sharing it.

Officials in the other 16 agencies, according to the GAO, said they had run into “technical challenges and competing priorities” that have delayed their compliance.

Those not in compliance include the departments of Health and Human Services, Justice, Treasury, Veterans Affairs, Personnel Management, Defense and the Social Security Administration.

Article Topics

authentication  |  data privacy  |  digital ID  |  government services  |  identity verification  |  U.S. Government