Pt. 323, App. E
Appendix E to Part 323
—OMB Guidelines for Matching Programs
A. Purpose. These guidelines supplement and will be used in conjunction with OMB Guidelines on the Administration of the Privacy Act of 1974, issued on July 1, 1975, and supplemented on November 21, 1975. They replace earlier guidance on conducting computerized matching programs issued on March 30, 1979. They are intended to help agencies relate the procedural requirements of the Privacy Act to the operational requirements of computerized matching. They are designed to address the concern expressed by the Congress in the Privacy Act of 1974 that “the increasing use of computers and sophisticated information technology, while essential to the efficient operation of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information.” These guidelines do not authorize activities that are not permitted by law, nor do they prohibit activities expressly required to be performed by law. Complying with these guidelines, however, does not relieve a Federal agency of the obligation to comply with the provisions of the Privacy Act, including any provisions not cited in these guidelines.
These guidelines apply to all agencies subject to the Privacy Act of 1974 (5 U.S.C. 552a
) and to all matching programs:
1. Performed by a Federal agency, whether the personal records used in the match are Federal or nonfederal.
2. For which a Federal agency discloses any personal records for use in a matching program performed by any other Federal agency or any nonfederal organization.
C. Effective Date. These guidelines were effective on May 11, 1982.
D. Definitions. For the purpose of the Guidelines, all the terms defined in the Privacy Act of 1974 apply.
1. Personal Record. Any information pertaining to an individual that is stored in an automated system of records; for example, a data base which contains information about individuals that is retrieved by name or some other personal identifier.
2. Matching Program. A procedure in which a computer is used to compare two or more automated systems of records or a system of records with a set of nonfederal records to find individuals who are common to more than one system or set. The procedure includes all of the steps associated with the match, including obtaining the records to be matched, actual use of the computer, administrative and investigative action on the hits, and disposition of the personal records maintained in connection with the match. It should be noted that a single matching program may involve several matches among a number of participants. Watching programs do not include the following:
a. Matches which compare a substantial number of records, such as, comparison of the Department of Education's defaulted student loan data base with the Office of Personnel Management's Federal employee data base would be covered; comparison of six individual student loan defaultees with the OPM file would not be covered.
b. Checks on specific individuals to verify data in an application for benefits done reasonably soon after the application is received.
c. Checks on specific individuals based on information which raises questions about an individual's eligibility for benefits or payments done reasonably soon after the information is received.
d. Matches done to produce aggregate statistical data without any personal identifiers.
e. Matches done to support any research or statistical project when the specfic data are not to be used to make decisions about the rights, benefits, or privileges of specific individuals.
f. Matches done by an agency using its own records.
3. Matching Agency. The Federal agency which actually performs the match.
4. Source Agency. The Federal agency which discloses records from a system of records to be used in the match. Note that in some circumstances a source agency may be the instigator and ultimate beneficiary of the matching program, as when an agency lacking computer resources uses another agency to perform the match. The disclosure of records to the matching agency and any later disclosure of “hits” (by either the matching or the source agencies) must be done in accordance with the provisions of paragraph (b) of the Privacy Act.
5. Hit. The identification, through a matching program, of a specific individual.
E. Guidelines for Agencies Participating in Matching Programs. Agencies should acquire and disclose matching records and conduct matching programs in accordance with the provisions of this section and the Privacy Act.
1. Disclosing Personal Records for Matching Programs—
a. To another Federal agency. Source agencies are responsible for determining whether or not to disclose personal records from their systems and for making sure they meet the necessary Privacy Act disclosure provisions when they do. Among the factors source agencies should consider are:
(1) Legal authority for the match.
(2) Purpose and description of the match.
(3) Description of the records to be matched.
(4) Whether the record subjects have consented to the match; or whether disclosure of records for the match would be compatible with the purpose for which the records were originally collected; that is, whether disclosure under a “routine use” would be appropriate; whether the soliciting agency is seeking the records for a legitimate law enforcement activity—whichever is appropriate; or any other provision of the Privacy Act under which disclosure may be made.
(5) Description of additional information which may be subsequently disclosed in relation to “hits.”
(6) Subsequent actions expected of the source (for example, verification of the identity of the “hits” or followup with individuals who are “hits”).
(7) Safeguards to be afforded the records involved, including disposition.
b. If the agency is satisfied that disclosure of the records would not violate its responsibilities under the Privacy Act, it may proceed to make the disclosure to the matching agency. It should ensure that only the minimum information necessary to conduct the match is provided. If disclosure is to be made pursuant to a “routine use” (Section b.3. of the Privacy Act), it should ensure that the system of records contains such a use, or it should publish a routine use notice in the Federal Register. The agency should also be sure to maintain an accounting of the disclosure pursuant to Section (c) of the Privacy Act.
c. To a nonfederal entity. Before disclosing records to a nonfederal entity for a matching program to be carried out by that entity, a source agency should, in addition to all of the consideration in subparagraph a, above, also make reasonable efforts, pursuant to Section (e)(6) of the Privacy Act, to “assure that such records are accurate, complete, timely, and relevant for agency purposes.”
2. Written Agreements. Before disclosing to either a Federal or non-Federal entity, the source agency should require the matching entity to agree in writing to certain conditions governing the use of the matching file; for example, that the matching file will remain the property of the source agency and be returned at the end of the matching program (or destroyed as appropriate); that the file will be used and accessed only to match the file or files previously agreed to; that it will not be used to extract information concerning “non-hit” individuals for any purpose, and that it will not be duplicated or disseminated within or outside the matching agency unless authorized in writing by the source agency.
3. Performing Matching Programs—
a. Matching agencies should maintain reasonable administrative, technical, and physical security safeguards on all files involved in the matching program.
b. Matching agencies should ensure that they have appropriate systems of records including those containing “hits,” and that such systems and any routine uses have been appropriately notices in the Federal Register and reported to OMB and the Congress.
4. Disposition of Records—
a. Matching agencies will return or destroy source matching files (by mutual agreement) immediately after the match.
b. Records relating to this will be kept only so long as an investigation, either criminal or administrative, is active, and will be disposed of in accordance with the requirements of the Privacy Act and the Federal Records Act.
5. Publication Requirements—
a. Agencies, before disclosing records outside the agency, will publish appropriate “routine use” notices in the Federal Register, if necessary.
b. If the matching program will result in the creation of a new or the substantial alteration of an existing system of records, the agency involved should publish the appropriate Federal Register notice and submit the requisite report to OMB and the Congress pursuant to OMB Circular No. A-108.
6. Reporting Requirements—
a. As close to the initiation of the matching program as possible, matching agencies will publish in the Federal Register a brief public notice describing the matching program. The notice should include:
1. The legal authority under which the match is being conducted.
2. A description of the matching program including whether the program is one time or continuing, the organizations involved, the purpose or purposes for which the program is being conducted, and the procedures to be used in matching and following up on the “hits.”
3. A complete description of the personal records to be matched, including the source or sources, system of records identifying data, date or dates and page number of the most recent Federal Register full text publication when appropriate.
4. The projected start and ending dates of the program.
5. The security safeguards to be used to protect against unauthorized access or disclosure of the personal records.
6. Plans for disposition of the source records and “hits.”
7. Agencies should send a copy of this notice to the Congress and to OMB at the same time it is sent to the Federal Register.
a. Agencies should report new or altered systems of records as described in subparagraph 5b, above, as necessary.
b. Agencies should also be prepared to report on matching programs pursuant to the reporting requirements of either the Privacy Act or the Paperwork Reduction Act. Reports will be solicited by the Office of Information and Regulatory Affairs and will focus on both the protection of individual privacy and Government's effective use of information technology. Reporting instructions will be disseminated to the agencies as part of either the reports required by paragraph (p) of the Privacy Act, or section 3514 ofPub. L. 96-511.
8. Use of Contractors. Matching programs should, as far as practicable, be conducted “in-house” by Federal agencies using agency personnel, rather than by contract. When contractors are used:
a. The matching agency should, consistent with paragraph (m) of the Privacy Act, cause the requirements of that Privacy Act to be applied to the contractor's performance of the matching program. The contract should include the Privacy Act clause required by Federal Personnel Regulation Amendment 155 (41 CFR 1-1.337-5
b. The terms of the contract should include appropriate privacy and security provisions consistent with policies, regulations, standards, and guidelines issued by OMB, GSA, and the Department of Commerce.
c. The terms of the contract should preclude the contractor from using, disclosing, copying, or retaining records associated with the matching program for the contractor's own use.
d. Contractor personnel involved in the matching program shall be made explicitly aware of their obligations under the Privacy Act and of these guidelines, agency rules, and any special safegurds in relation to each specific match performed.
e. Any disclosures of records by the agency to the contractor should be made pursuant to a “routine use” (5 U.S.C. 552a(b)(3)
F. Implementation and Oversight. OMB will oversee the implementation of these guidelines and will interpret and advise upon agency proposals and actions within their scope, consistent with section 6 of the Privacy Act.