------------------------------ Date: Mon, 3 Jan 1994 15:14:32 EST From: Dave Banisar Subject: File 3--GAO Data Matching Report GAO Data Matching Report ONE HUNDRED THIRD CONGRESS CONGRESS OF THE UNITED STATES HOUSE OF REPRESENTATIVES COMMITTEE ON GOVERNMENT OPERATIONS 2157 RAYBURN HOUSE OFFICE BUILDING WASHINGTON, DC 20515-8143 PRIVACY CONTROLS OVER COMPUTER MATCHING LARGELY IGNORED Rep. Condit Releases New GAO Report A new General Accounting Office (GAO) report found serious deficiencies in implementation of the 1988 Computer Matching and Privacy Protection Act The report was released today by Rep. Gary A. Condit (D-CA), chairman of the Subcommittee on Information, Justice, Transportation, and Agriculture. Computer matching is the identification of similarities or dissimilarities in data found in two or more computer files. Matching is frequently used to identify delinquent debtors or ineligible program recipients. Computer matching has been criticized as an invasion of privacy, and the Computer Matching and Privacy Protection Act was passed to regulate the use of computer matching by federal agencies. In releasing the report, Rep. Condit said: "Most federal agencies have done a lousy job of complying with the Computer Matching Act. Agencies ignore the law or interpret it to suit their own bureaucratic convenience, without regard for the privacy interests that the law was designed to protect. "As a result, we don't have any idea when computer matching is a cost-effective technique for preventing fraud, waste, and abuse. I support reasonable computer matching that saves money. But if we are losing money, wasting resources, and invading privacy, then it makes no sense. "A broader issue is whether agencies can be expected to police their own operations that affect the privacy of the average citizen. Certainly OMB has done little to assist. We may need a different approach to overseeing federal privacy-related activities." GAO found numerous problems with the implementation of the Act's requirements. Cost-Benefit Analyses: The Act requires that matching programs include an analysis of the costs and benefits of the matching. One of the purposes of the Act was to limit the use of matching to instances where the technique was cost effective. GAO found many problems with implementation of this requirement, including poor quality or non-existent analyses. In 41% of cases, no attempt was made to estimate costs or benefits or both. In 59% of cases whem costs and benefits were esfimted, GAO found that not all reasonable costs and benefits were considered; that inadequate analyses were provided to support savings claims; and that no effort was made after the match to validate estimates. o Data Integrity Boards: The Act requires agencies involved in matching activities to establish a Data Integrity Board to oversee the process. GAO found that the Boards were not providing full and earnest reviews of proposed matches. GAO did not find any instance in which a Board pemianently cancelled an ongoing matching program or refused to approve a newly proposed one. GAO did not find evidence that the requirements of the matching act were used by the Boards to determine if a match should be approved. GAO also found that the implementation of the new procedures does not appear to have had major effects on the most important review process, the decision to conduct the match. GAO found that the Data Integrity Boards generally accepted agencies and states cost-benefit analyses despite their "severe methodological flaws and lack of documentation." The documentation often failed to show how costs and benefits were calculated or the time period for expected savings. Agencies rarely estimated the most significant costs. Overall, GAO found that the Data Integrity Boards provide less than a full and earnest review of matching agreements to detem-dne whether to proceed with proposed matches, but rather a regularization of the approval process. The report is titled Computer Matching: Quality of Decisions and Supporting Analyses Little Affected by 1988 Act. The report number is GAO/PEMD-94-2, and the date is October 18, 1993. Copies can be obtained [for free] from GAO by calling 202-512-6000. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=