OVERVIEW OF THE PRIVACY ACT OF 1974, 2004 EDITION

ROLE OF THE OFFICE OF MANAGEMENT AND BUDGET

Subsection (v) of the Privacy Act requires the Office of Management and Budget (OMB) to: (1) "prescribe guidelines and regulations for the use of agencies in implementing" the Act; and (2) "provide continuing assistance to and oversight of the implementation" of the Act by agencies. 5 U.S.C. § 552a(v).

The vast majority of OMB's Privacy Act Guidelines [hereinafter OMB Guidelines] are published at 40 Fed. Reg. 28,948-78 (July 9, 1975). However, these original guidelines have been supplemented in particular subject areas over the years. See 40 Fed. Reg. 56,741-43 (Nov. 21, 1975) (system of records definition, routine use and intra-agency disclosures, consent and congressional inquiries, accounting of disclosures, amendment appeals, rights of parents and legal guardians, relationship to Freedom of Information Act (FOIA)); 48 Fed. Reg. 15,556-60 (Apr. 11, 1983) (relationship to Debt Collection Act); 52 Fed. Reg. 12,990-93 (Apr. 20, 1987) ("call detail" programs); 54 Fed. Reg. 25818-29 (June 19, 1989) (computer matching); 56 Fed. Reg. 18,599-601 (proposed Apr. 23, 1991) (computer matching); 61 Fed. Reg. 6428, 6435-39 (Feb. 20, 1996) ("Federal Agency Responsibilities for Maintaining Records About Individuals").

As a general rule, the OMB Guidelines are entitled to the deference usually accorded the interpretations of the agency that has been charged with the administration of a statute. See Maydak v. United States, 363 F.3d 512, 518 (D.C. Cir. 2004); Henke v. United States Dep't of Commerce, 83 F.3d 1453, 1460 n.12 (D.C. Cir. 1996); Quinn v. Stone, 978 F.2d 126, 133 (3d Cir. 1992); Baker v. Dep't of the Navy, 814 F.2d 1381, 1383 (9th Cir. 1987); Perry v. FBI, 759 F.2d 1271, 1276 n.7 (7th Cir. 1985) (citing Bartel v. FAA, 725 F.2d 1403, 1408 n.9 (D.C. Cir. 1984); Albright v. United States, 631 F.2d 915, 919 n.5 (D.C. Cir. 1980)), rev'd en banc on other grounds, 781 F.2d 1294 (7th Cir. 1986); Smiertka v. United States Dep't of the Treasury, 604 F.2d 698, 703 n.12 (D.C. Cir. 1979); Rogers v. United States Dep't of Labor, 607 F. Supp. 697, 700 n.2 (N.D. Cal. 1985); Sanchez v. United States, 3 Gov't Disclosure Serv. (P-H) ¶ 83,116, at 83,709 (S.D. Tex. Sept. 10, 1982); Golliher v. USPS, 3 Gov't Disclosure Serv. (P-H) ¶ 83,114, at 83,703 (N.D. Ohio June 10, 1982); Greene v. VA, No. C-76-461-S, slip op. at 6-7 (M.D.N.C. July 3, 1978); Daniels v. FCC, No. 77-5011, slip op. at 8-9 (D.S.D. Mar. 15, 1978); see also Martin v. Office of Special Counsel, 819 F.2d 1181, 1188 (D.C. Cir. 1987) (OMB interpretation is "worthy of our attention and solicitude"). However, a few courts have rejected particular aspects of the OMB Guidelines as inconsistent with the statute. See Doe v. Chao, 124 S. Ct. 1204, 1212 n.11, 1215-16 (2004) (disagreeing with dissent's reliance on OMB interpretation of damages provision and stating that Court does "not find its unelaborated conclusion persuasive"); Henke v. United States Dep't of Commerce, No. 94-0189, 1996 WL 692020, at **2-3 (D.D.C. Aug. 19, 1994) (personal/entrepreneurial distinction), aff'd on other grounds, 83 F.3d 1445 (D.C. Cir. 1996); Kassel v. VA, No. 87-217-S, slip op. at 24-25 (D.N.H. Mar. 30, 1992) (subsection (e)(3)); Saunders v. Schweiker, 508 F. Supp. 305, 309 (W.D.N.Y. 1981) (same); Metadure Corp. v. United States, 490 F. Supp. 1368, 1373-74 (S.D.N.Y. 1980) (subsection (a)(2)); Fla. Med. Ass'n v. HEW, 479 F. Supp. 1291, 1307-11 (M.D. Fla. 1979) (same); Zeller v. United States, 467 F. Supp. 487, 497-99 (E.D.N.Y. 1979) (same).

On May 14, 1998, the White House, by executive memorandum, called upon all federal agencies to take further privacy-protection steps within the next year. Memorandum on Privacy and Personal Information in Federal Records, 34 Weekly Comp. Pres. Doc. 870 (May 14, 1998), which can be accessed at: http://www.whitehouse.gov/omb/memoranda/m99-05-a.html. Specifically, each agency was directed to designate a senior official with responsibility for privacy policy, to apply the Principles for Providing and Using Personal Information that were developed through the Information Infrastructure Task Force under the auspices of the Department of Commerce in 1995, and to conduct a series of reviews of agency record systems in order to ensure compliance with Privacy Act requirements. Id. The agencies reported the results of their reviews to OMB, where they were to be summarized. Id. The memorandum also provided that OMB would issue further guidance on the making of "routine use" disclosures under the Act. Id. See generally FOIA Update, Vol. XIX, No. 2, at 1 ("President Issues Privacy Act-Related Memorandum to All Federal Agencies") (providing summary of executive memorandum).

In 2002, the General Accounting Office (GAO) conducted an extensive review of agency Privacy Act practices to inform Congress about how agencies have implemented the Act. GAO issued a report on its findings in June 2003. U.S. Gen. Accounting Office, Report to the Ranking Minority Member, Comm. on Governmental Affairs, U.S. Senate, "Privacy Act: OMB Leadership Needed to Improve Agency Compliance," GAO-03-304 (June 2003), which can be accessed at: http://www.gao.gov/new.items/d03304.pdf.

Questions concerning the Act should first be directed to agency Privacy Act officers. Important policy/litigation questions, or questions concerning the OMB Guidelines, may be directed to OMB at (202) 395-3647.


Go to Table of Contents || Previous Section Role of the Privacy Protection Study Commission || Next Section Computer Matching