The Office of Management and Budget’s fiscal 2005 report
to Congress on the implementation of the e-government
act of 2002 describes federal progress implementing
privacy safeguards in agency e-government activities.
In 2005 OMB added privacy to the President’s Management
Agenda scorecard. To achieve the highest “green” status
score, agencies must have conducted and publicly posted
privacy impact assessments for at least 90 percent of
applicable systems, and have demonstrated they have
developed and published “privacy act systems of records,
” the report said.
It said that as part of agencies’ annual reporting under
the Federal Information Security Management Act, it asked
agencies to report on how they are implementing the
requirements of privacy laws and policy in the areas
of privacy leadership and coordination, procedures and
practices, and internal oversight.
Currently, 15 of 26 agencies evaluated each quarter on
the PMA scorecard have conducted and publicly posted
privacy impact assessments for ninety percent or more of
applicable systems, and 18 have developed and published
privacy act systems of records in at least 90 percent of
required circumstances, according to OMB.
It said over half of the 24 CFO act agencies have
designated their chief information officers as their
senior agency officials for privacy, while the remainder
designated individuals at the assistant secretary, general
counsel, deputy general counsel, or component director level.
Fewer small agencies, one fourth to one third, designated
CIOs as their senior privacy officials but not as many
have CIOs to begin with.
All but one of the 24 CFO act agencies say their senior
privacy official reviews compliance with agency information
privacy activities; evaluates the privacy impact of
legislative, regulatory and other policy proposals, as
well as testimony and other formal communications; and
assesses the impact of technology on the privacy of personal
information, the report said.
