About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (February 23, 2022)

handle is hein.crs/govefht0001 and id is 1 raw text is: C o g e s o a R e s a r c S e rvU 0 February 23, 2022 Federal Data Integration and Individual Rights: The Computer Matching and Privacy Protection Act Executive branch agencies face an ever-evolving policy, regulatory, and technological landscape when seeking to share or combine individual-level data across organizational or programmatic boundaries. Congress has deliberated and legislated the use of data integration for more than 50 years, aiming to promote the efficient administration of government programs while protecting individual privacy and maintaining the country's trust in how the federal government uses information on individuals. The Computer Matching and Privacy Protection Act (P.L. 100-503; CMPPA) is a significant part of the statutory and policy landscape shaping how agencies can share and combine data sources. First passed in 1988, the CMPPA has been amended 10 times, most recently in 2014. The CMPPA addresses how agencies may do specific types of computer matching. This term refers to using a computer for the comparison of information on individuals from two or more systems of records for either of two purposes: 1. To establish or verify eligibility for a federal benefit program and to recoup debts and improper payments made to individuals under these benefit programs; and 2. To manage federal personnel. The CMPPA emerged from congressional concerns that the oversight of agency computer matching was inadequate. In particular, the extent of computer matching in the executive branch was unknown, and the due process rights of individuals were not adequately protected from adverse actions by an agency using inaccurate information. This In Focus describes the CMPPA's scope, procedural requirements, mechanisms to promote agency oversight, and due process protections. The CMPPA establishes some boundaries on the use of computer matching and procedures for protecting individuals. Federal efforts to share and combine data for decisionmaking, and for benefit program administration specifically, implicate the CMPPA in important ways, which may create ongoing and new issues for Congress. Scope of the CMPPA Matching programs. The CMPPA amended provisions originally enacted in the Privacy Act of 1974 (5 U.S.C. §552a). The Privacy Act generally restricts how executive agencies may disclose or share records that identify individuals in the absence of written consent, with certain exceptions. The CMPPA identifies the specific, narrow purposes under which an executive agency may share, receive, and compare identifiable, individual-level data for matching. A matching of records for one of the CMPPA's two purposes establishes a matching program (5 U.S.C. §§552a(8)(A), 552a(o)). The CMPPA further requires an agency with a matching program to ensure an individual is afforded with due process prior to taking any adverse action against that individual, including suspending, terminating, reducing, or making a final denial of payment or assistance. Certain matching activities excluded from the CMPPA. The CMPPA specifically excludes several types of matching from its procedural and oversight requirements. These include matches to support research and statistical projects, the specific data of which may not be used to make adverse decisions affecting the rights, benefits, or privileges of a specific individual. Other matching activities that are excluded from the CMPPA's coverage are specified in Title 5, Section 552a(8)(B), of the U.S. Code and in other laws. Major Procedural Requirements The CMPPA sets forth multiple procedural requirements an agency must meet when matching for one of the act's covered purposes. In addition to specifying agency responsibilities, the law requires the Office of Management and Budget (OMB) to develop guidelines and regulations for agencies and to continually assist and oversee agencies' implementation (5 U.S.C. §552a(v)). Agency Responsibilities Source and recipient agencies. The CMPPA authorizes the matching of data between a federal government agency and another federal, state, or local government entity (P.L. 100-503, §9; 5 U.S.C. §552a note). The CMPPA identifies two parties to a matching program: a source agency that discloses records and a recipient agency that receives those records. A source agency is defined as either a federal executive branch agency or a state or local government agency (5 U.S.C. §552a(a)(11)). A recipient agency is defined as a federal executive branch agency or a contractor of one. The CMPPA does not include nonfederal agencies in the definition of recipient agency. Certain federal benefit programs may, however, address circumstances when a federal agency may disclose records to a nonfederal agency. OMB's Circular No. A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, describes some processes executive branch agencies should use when a nonfederal agency is a recipient of records for a matching program. An executive agency may establish a regulation to require a nonfederal recipient agency to comply with provisions of the CMPPA. Written agreement. A source and recipient agency are required to enter into a detailed computer matching ittps://Crsreports.congress.g(

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most