Information Management: Agencies Need to Streamline Electronic Services
| Report Type |
Reports and Testimonies |
| Report Date |
Dec. 20, 2022 |
| Release Date |
Dec. 20, 2022 |
| Report No. |
GAO-23-105562 |
Summary:
What GAO Found
With certain enumerated exceptions, the Privacy Act of 1974 prohibits disclosure of records to any person or agency, unless disclosure is pursuant to the prior written request by, or with the prior written consent of, the individual to whom the record pertains. As required by the Creating Advanced Streamlined Electronic Services for Constituents Act of 2019, the Office of Management and Budget (OMB) issued guidance that outlined agencies' responsibilities for accepting digitally-formatted access and consent forms from individuals who are properly identity proofed and authenticated. Agencies were to implement the requirements in the OMB guidance by November 2021. As of September 2022, one of the selected agencies—the Securities and Exchange Commission (SEC)—reported that they had fully implemented OMB's guidance. The remaining 16 agencies reported encountering technical challenges and competing priorities that have delayed them from fully implementing OMB's guidance. However, five of these agencies have established time frames for full implementation. Sharing information on SEC's success could benefit other agencies' efforts to implement OMB's requirements.
Why GAO Did This Study
The Privacy Act prohibits disclosure of records to any person or agency, unless disclosure is pursuant to the prior written request by, or with the prior written consent of, the individual to whom the record pertains. Accordingly, agencies have developed various procedures and forms by which individuals may establish their identity and request access to or provide written consent for the disclosure of their records.
To simplify and modernize this process, the CASES Act required OMB to issue applicable guidance. This guidance was to: (1) require agencies to accept electronic identity proofing and authentication; (2) create a template for electronic consent and access forms and requires each agency to post the template on the agency website; and (3) require each agency to accept electronic consent and access forms from individuals that have been properly identity proofed and authenticated.
GAO was asked to review the implementation of the CASES Act at OMB and federal agencies. GAO selected 17 agencies for review that had received 5,000 or more Freedom of Information Act requests in fiscal year 2020.
« Return to search Government Accountability Office reports
