THE COMPUTER MATCHING AND PRIVACY PROTECTION ACT OF 1987

STAT Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 : CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 : CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 100TH CONGRESS" I 2d. Session SENATE? REPORT 100-516 OS gREG I STRY f3-15.2-0 THE COMPUTER MATCHING AND PRIVACY PROTECTION ACT OF 198b 3 OCT 938 0#6441eMotait -EA/-Ca REPORT OF THE COMMITTEE ON GOVERNMENTAL AFFAIRS UNITED STATES SENATE TO ACCOMPANY S. 496 TO AMEND TITLE 5 OF THE UNITED STATES CODE, TO ENSURE PRIVACY, INTEGRITY, AND VERIFICATION OF DATA DISCLOSED FOR COMPUTER MATCHING, TO ESTABLISH DATA INTEGRITY BOARDS WITHIN FEDERAL AGENCIES, AND FOR OTHER PUR- POSES SEPTEMBER 15 (legislative day, SEPTEMBER 7), 1988.?Ordered to be printed ' U.S. GOVERNMENT PRINTING OFFICE 19-010 WASHINGTON: 1988 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 :417- COMMITTEE ON GOVERNMENTAL AFFAIRS JOHN GLENN, Ohio, Chairman LAWTON CHILES, Florida SAM NUNN, Georgia CARL LEVIN, Michigan JIM SASSER, Tennessee DAVID PRYOR, Arkansas GEORGE J. MITCHELL, Maine JEFF BINGAMAN, New Mexico WILLIAM V. ROTH, JR., Delaware TED STEVENS, Alaska WILLIAM S. COHEN, Maine WARREN B. RUDMAN, New Hampshire JOHN HEINZ, Pennsylvania PAUL S. TRIBLE, JR., Virginia LEONARD WEISS, Staff Director Jo ANNE BARNHART, Minority Staff Director MICHAL SUE PROSSER, Chief Clerk SUBCOMMITTEE ON OVERSIGHT OF GOVERNMENT MANAGEMENT CARL LAWTON CHILES, Florida DAVID H. PFtY0R, Arkansas GEORGE J. MITCHELL, Maine JEFF BINGAMAN, New Mexico LEVIN, Michigan, Chairman WILLIAM S. COHEN, Maine WARREN RUDMAN, New Hampshire JOHN HEINZ, Pennsylvania TED STEVENS, Alaska LINDA J. GUSTITUS, Staff Director and Chief Counsel ELISE J. BEAN, Counsel MARY BERRY GERWIN, Staff Director and Chief Counsel to the Minority FRANKIE DE VERGIE, Chief Clerk Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 100TH CONGRESS I 2d Session SENATE I REPORT 100-516 THE COMPUTER MATCHING AND PRIVACY PROTECTION? ACT OF 1987 ? SEPTEMBER 15 (legislative day, SEPTEMBER 7), 1988.?Ordered to be printed Mr. GLENN, from the Committee on Governmental Affairs, submitted the following REPORT [To accompany S. 496] The Committee on Governmental Affairs, to which was referred the bill (S. 496) to amend title 5 of the United States Code, to ensure privacy, integrity, and verification of data for computer matching, to establish Data Integrity Boards within Federal agen- cies, and for other purposes, having considered the same, reports favorably thereon with an amendment and recommends that the bill as amended do pass. CONTENTS Page I. Purpose and History of S. 496 1 II. Background: Definition and History of Computer Matching 2 III. The Senate Oversight of Government Management Subcommittees In- vestigation of Computer Matching 3 IV. Provisions of S. 496 9 V. Section-by-Section Analysis 22 VI. Estimated Cost of Legislation 26 VII. Evaluation of Regualtory Impact 28 VIII. Changes in Existing Law 28 I. PURPOSE AND HISTORY OF S. 496 The purpose of S. 496, the Computer Matching and Privacy Pro- tection Act of 1987, is to improve the oversight and procedures gov- erning the disclosures of personal information in computer match- ing programs and to protect the privacy and due process rights of individuals whose records are exchanged in such matching pro- grams. S. 496 was reported unanimously by the Committee on Govern- mental Affairs on May 20, 1987, and was passed by the Senate on May 21, 1987. The House of Representatives passed S. 496 on (1) Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 2 August 1, 1988, substituting the text of H.R. 4699, a companion bill to S. 496, in lieu of the Senate language. The House amendment includes many of the same provisions of the Senate-passed version. This report discusses the provisions of S. 496, as passed by the Senate, and notes changes made to S. 496 by the House amend- ment. II. BACKGROUND: DEFINITION AND HISTORY OF COMPUTER MATCHING Computer matching is the computer-assisted comparison of two or more automated lists or files to identify inconsistencies or irreg- ularities among the lists or files. For example, the Department of Education's list of delinquent student loans could be cross-checked with lists of federal employees to determine whether any student loan defaulters work for the federal government. Comparisons can involve the matching of names, Social Security numbers, addresses, government contract numbers, or other personal identifiers. Most computer matching is performed to detect fraud, error, or abuse in government programs or to determine whether a specific applicant or recipient of benefits under a government program truly qualifies for benefits. The first major computer matching program conducted by the federal government dates back to 1977, when the U.S. Department of Health, Education, and Welfare used this computer technique to detect overpayments in its Aid to Families with Dependent Chil- dren (AFDC) program. This effort entitled "Project Match," com- pared the records of approximately 78 percent of all recipients of AFDC with the payroll records of about three million federal em- ployees, in order to detect those who might be illegally drawing welfare payments. A pilot match conducted in the District of Co- lumbia identified over $330,000 in possibly incorrect payments being made to individuals. Prior to this project, only a small number of small-scale computer matches had been conducted by the federal government. Subsequent to Project Match, Inspectors General in various agen- cies adopted computer matching as an audit tool to detect fraud error, or abuse in federal benefit programs. The Inspector General at the Department of Agriculture, for example, conducted several computer matches of Food Stamp records with other welfare bene- fit programs in selected states to determine whether ineligible indi- viduals were receiving food stamps. In 1978, this same office within the Department of Agriculture matched emergency loans of the Farmers' Home Administration with disaster loan records of the Small Business Administration, finding excess loans amounting to $2,300,000. The Inspector General reported that by the end of 1981, over $1.25 million in such excess loan amounts had been recovered, with the actual match costing the IG's office $50,000 to conduct. In 1979, faced with the growing use of computer matching to detect fraud, error or abuse in government programs, the Office of Management and Budget (OMB) issued "Guidelines on the Conduct of Computer Matching Programs". The stated purpose of these guidelines was to aid agencies conducting computer matching pro- grams in "balancing the government's need to maintain the integ- rity of Federal programs with the individual's right to personal pri- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 3 vacy." The guidelines included analyses that should be made by agencies in deciding whether to conduct a matching program, as well as reporting and publication provisions. In addition to the growing use of computer matches by agencies as an administrative tool for auditing programs, the Congress had also, by the late 1970, mandated the use of matching in certain gov- ernment benefit programs to check the eligibility of persons par- ticipating in these programs. Public Law 95-216, for example, re- quires state welfare agencies to use wage information contained in State Employment Security Agency files or in Social Security files to determine AFDC eligibility and payment amounts. Legislation passed by the Congress in 1981 also mandated wage matching for the Food Stamp program. In 1981, the President's Council on Integrity and Efficiency [PCIE], comprised of the Inspectors General and chaired by the Deputy Director of OMB, formed the Long-Term Computer Match- ing Project to promote the use of computer matching by federal and state agencies. This project sought to gather information about federal and state matching activities, identify and remove technical and administrative obstacles to computer matching, and foster fed- eral and state cooperation in exchanging records for computer matching purposes. One of the earliest tasks completed by the project was the revision of the OMB guidelines governing computer matching programs in order to streamline the administrative re- quirements for conducting computer matching programs. Through the PCIE, the Reagan Administration has endorsed computer matching as a useful tool to combat fraud and to increase govern- ment efficiency. III. THE SENATE OVERSIGHT OF GOVERNMENT MANAGEMENT SUBCOMMITTEE'S INVESTIGATION OF COMPUTER MATCHING The promotion of computer matching by the PCIE to detect fraud and abuse and the increasing statutory requirements to match records from different programs to check eligibility for gov- ernment benefits spurred the Senate Subcommittee on Oversight of Government Management, under the chairmanship of Senator Wil- liam S. Cohen, to investigate this auditing technique to determine its ramifications for both the government and private citizens. The Subcommittee was particularly interested in charges made by pri- vacy and public interest groups that computer matching could ad- versely affect the privacy and due process rights of individuals. Since 1981, the Subcommittee has held two sets of oversight hear- ings on computer matching programs: The first, in December 1982, focused on the oversight of computer matching programs to detect fraud and mismanagement in government programs; the second, on June 6, 1984, focused on the use of tax records in computer match- ing programs. At these hearings, the Subcommittee heard and re- ceived testimony from several witnesses representing both the fed- eral government and state government agencies, on the use of matching programs to detect fraud, error, or overpayments, as well as from privacy experts and the General Accounting Office. During its investigation, the Subcommittee also closely monitored statuto- ry and administrative developments relating to computer matching Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 4 programs at both federal and state levels of government. As a result of these hearings, Senators Cohen and Carl Levin introduced S. 2756, the Computer Matching and Privacy Protection Act of 1986, on August 14, 1986. A revised version of this bill, S. 496, the Computer Matching and Privacy Protection Act of 1987, was intro- duced by Senators Cohen and Levin on February 5, 1987. A. CURRENT SCOPE OF COMPUTER MATCHING There has been a dramatic increase in the use of computer matching programs since 1980 by both federal and state govern- ment agencies. Although the precise number of matches that have been conducted during this period is difficult to quantify due to the lack of a comprehensive reporting mechanism, the Office of Tech- nology Assessment testified that the number of computer matches nearly tripled between 1980 and 1984. The number of records on individual citizens exchanged in these matching programs is stag- gering. An OTA survey, conducted in 1986, for example, found that 7 billion records were exchanged in only 20 percent of all computer matching programs reported at the federal level between 1980 and 1985. The increase in the number of computer matching programs has been facilitated by several statutory provisions that require agen- cies to exchange personal information, most often in the form of computer matching programs. The Debt Collection Act of 1982, for example, establishes a data-sharing system between federal agen- cies and private credit reporting agencies in order to increase the collection of delinquent non-tax debts, through such mechanisms as offsetting the salaries of federal employees to satisfy debts owed to the government, screening credit applicants against the IRS files to check for tax delinquencies, and referring delinquent non-tax debts to credit bureaus to affect credit ratings. Other statutes authorize specific computer matches, such as the Department of Defense Au- thorization Act of 1982, which requires the Secretary of education to prescribe methods for verifying that individuals receiving grants, loans, or work assistance under Title IV of the Higher Edu- cation Act of 1965 have complied with military registration re- quirements. The most extensive computer matching program specifically au- thorized by Congress to date is the "IEVS" system (Income Eligibil- ity Verification System), mandated by the Deficit Reduction Act of 1984 (DEFRA). Under this system, the Social Security Administra- tion's Supplemental Security Income (SSI) program and state agen- cies administering the AFDC, Food Stamp, Medicaid, federal unem- ployment compensation programs, and Social Security adult assist- ance programs must request and use unearned income data from the Internal Revenue Service to determine the eligibility of appli- cants to and recipients of these assistance programs. DEFRA also strengthened the authority of the AFDC and Food Stamp programs to use wage data from the Social Security Administration and from state employment agencies for eligibility verification purposes. In a typical IEVS match, each state agency administering these benefit programs will send their computer tapes of applicants or recipients to IRS or SSA, which will in turn match the tapes of applicants Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 : CIA-RDP91B00390R000300210006-8 5 and recipients with their own files and provide the states with un- earned income (i.e., interest and dividend earnings) and wage data on the names submitted by the states. The states use this informa- tion to determine whether applicants or recipients have unreported assets or income earned in excess of the amounts allowed under the Food Stamp, AFDC, and other federal benefit programs. In the aggregate, the matches of applicants in these programs with IRS records would result in approximately 250,000 records on public as- sistance being matched against a file containing unearned income data on nearly 180 million persons. B. BENEFITS OF COMPUTER MATCHING PROGRAMS Computer matching programs can be, if conducted properly, a useful tool to ensure the integrity and efficiency of government programs. The Office of Management and Budget and the Presi- dent's Council on Integrity and Efficiency have attributed substan- tial savings and recoveries of overpayments in federal benefit pro- grams to the use of comptuer matching. Savings can be realized from matching records of recipients in federal benefit programs with the files of other agencies or programs to verify the eligibility of individuals currently receiving benefits. In July 1985, for exam- ple, the records of four million Supplemental Security Income re- cipients were matched with the unearned income files of the Inter- nal Revenue Service. This match identified $117.5 million in over- payments for which recovery action was instituted. The Social Se- curity Administration reported that the total cost of conducting this match, including the cost of follow-up, was $6.4 million Simi- larly, in October 1985, the State of Missouri matched SSI data files with Medicaid files to identify individuals who were residing in Medicaid-reimbursed facilities but receiving full SSI payments. This match identified over $44,000 in overpayments while costing only $10,000 to conduct the match. Significant savings have also been attributed to computer match- ing performed for the purpose of debt collection. The Department of Education, for example, reported that a computer match of de- linquent student loan debtors against federal employee active and retired rolls conducted in 1982 recovered $3.4 million in delinquent loan payments. The Congress has, through the enactment of the Debt Collection Act of 1982, recognized that the cross-checking of lists of applicants for and recipients of loan assistance with Inter- nal Revenue Service delinquent tax files and the matching of feder- al employees' Social Security numbers with the delinquent debt files of other federal credit agencies can result in savings to the federal government. Deterrence and management improvement are other means by which computer matching can achieve potential savings for the fed- eral government.- While difficult to quantity, some Inspectors Gen- eral have noted that computer matching, when announced to the public, has acted as a deterrent against future fraud. Inspector General of the Department of Health and Human Services (HHS), Richard P. Kusserow, testified before the Oversight Subcommittee that: Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 6 There is also considerable evidence that cleaning up a data base and front-end matching have a deterrent effect. For example, a number of individuals in one state asked that their names be removed from Food Stamp rolls fol- lowing a public report of a match of public assistance with state employment and other records. . . This phenomenon of voluntary withdrawal from the program when a tech- nique is announced is more the rule than the exception. Similarly, computer matches can result in management improve- ment in federal benefit programs. The results of a match could, for example, be used to identify information that should be asked of applicants for benefit programs that would prevent the enrollment of those who do not qualify for program participation, or could identify poor data that exists in certain systems of records used in matching, such as erroneous Social Security numbers. Such im- provements in the internal or management controls of government programs could result in significant savings to the government over long periods of time. C. CONCERNS RAISED BY COMPUTER MATCHING While computer matching can be a useful administrative tool for federal and state government agencies, the current use of this tech- nique raises substantial policy concerns. Several Congressional re- views of computer matching programs, including those conducted by the Senate Subcommittee on Oversight of Government Manage- ment, the House Commit tee on Government Operations, the Office of Technology Assessment, and the General Accounting Office, as well as private sector assessments of the use of computer matching made by the American Bar Association and the American Civil Liberties Union, have concluded that the exchange and use of per- sonal information in computer matching programs, unless ade- quately overseen and administratively controlled, can pose signifi- cant risks to the due process and privacy rights of individuals. These reports further conclude that the current oversight of com- puter matching programs conducted within the Executive Branch is inadequate, and that the extent of computer matching programs, while undoubtedly increasing, is unknown. 1. Privacy and Due Process Concerns Although the Privacy Act of 1974 (5 U.S.C. sec. 552a) preceded the development and use of computer matching, in passing the law the Congress expressed concern that "the increasing use of comput- ers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information." The Act, therefore, makes any system of records from which informa- tion is retrieved using personal identifiers (such as name, Social Se- curity number, or claim number) subject to its provisions. Over the years, such systems have been subject to implementing guidelines and instructions pertaining to the Act. For example, the Office of Management and Budget has issued guidance to agencies on how to relate the procedural requirements of the Privacy Act of Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 7 1974 to the use of computerized matching programs. Despite the ex- istence of this guidance, however, concerns still exist that computer matching may be conducted in a manner that is intrusive to the personal privacy of individuals whose records are matched. Privacy advocates have expressed concerns, for example, that some match- ing programs may, if unchecked, constitute broad "fishing expedi- tions" potentially in violation of the Fourth Amendment right against unreasonable searches and seizures. Testimony before the Senate Oversight Subcommittee indicated that the Privacy Act has, in practice, done little to restrict disclo- sures for computer matching programs. The Office of Technology Assessment has concluded, for example, that "the Privacy Act as interpreted by the courts and OMB guidelines offer little protection to individuals who are the subjects of computer matching." Studies of computer matching programs have also concluded that the use of information from computer matching programs to deny, suspend, or reduce federal benefits, or take other adverse actions against individuals should incorporate due process protections. The need for due process procedures in matching programs is illustrat- ed vividly by a computer matching program that was conducted by the State of Massachusetts in 1982. In that program, lists of wel- fare recipients were matched against bank records in order to iden- tify individuals who had assets in excess of the amounts allowed by law. Over 1600 welfare recipients were identified as having excess assets and were immediately sent termination notices without any action being taken by the Massachusetts Welfare Department to verify the accuracy of the information used in or produced by the match, or to obtain explanations on whether the assets found in the bank accounts were allowed under existing regulations. The failure to verify the accuracy of the "hits" produced by the matching program resulted in a significantly high rate of appeals and reversals of the terminations in the Massachusetts bank match case. The appeals rate was six times higher than the usual rate of appeals for terminations. Of those that appealed, half of the errors involved mistakes in the Social -Security numbers used. In these cases, the recipient did not really have the assets that were indicat- ed by the matching program. Some of the terminations were re- versed on appeal because the assets identified by the matching pro- gram were funds held- in trusts for others, funds held in joint ac- counts, or funds for burial expenses, none of which would have ren- dered an individual ineligible for welfare benefits. Since that experience, the Massachusetts Department of Public Welfare has verified its "raw hits" prior to taking action on matches. In 1983, such verification refined the 6,482 "raw hits" re- vealed in a bank matching program to 1,328. Further fact-finding conferences reduced this number to 493 cases, which were sent ter- mination notices. Of the 493 families sent notices, 384 cases were found to have assets in excess of allowable amounts under the wel- fare programs. The final number of verified cases of ineligible per- sons is only six per cent of the original hits identified in the match. While the Committee recognizes that verification practices of fed- eral agencies conducting matching programs have generally im- proved since the 1982 Massachusetts bank match experience, that case clearly illustrates the consequences of taking steps to reduce Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 CIA-RDP91B00390R000300210006-8 8 or deny benefits on the basis of faulty data. Due process requires that individuals should not be subject to adverse actions solely on the basis of data that has been inadequately verified for accuracy. Instead, government agencies conducting computer matches should be required to take steps to verify the accuracy, timeliness, and completeness of data that is used as the basis for adverse action against individuals. Moreover, due process requires that individuals receive adequate notice of any proposed action to be taken by the government and be provided an opportunity to contest the accura- cy of the information which underlies the government action. There is broad consensus that basic due process protections should be provided for individuals who are the subjects of computer matching programs. Congress has begun to incorporate procedural safeguards for individuals in matches that it has mandated by law. The Deficit Reduction Act of 1984, for example, requires agencies to independently verify the information derived from computer matches, as well as provide notice and an opportunity for individ- uals to contest information before reducing, suspending, or denying federal benefits based on the results of the computer matching pro- grams required by that law. The President's Council on Integrity and Efficiency has also recognized the need for due process protec- tions in computer matching programs. The current Chairman of the PCIE, Deputy Director of OMB Joseph R. Wright, Jr., testified before a House Government Operations Subcommittee that the ver- ification and notice provisions required by S. 496: provide an adequate measure of privacy and due process protection to individuals subject to eligibility tests through matching programs and front-end eligibility verification programs. Because of the errors that may be part of any matching program and the harm that the use of unverified information may cause, we feel strongly that these steps must be taken to protect individual privacy. While Congress has required such notice and verification require- ments in some computer matches mandated by law, many com- puter matches involving the records of individuals are conducted under other, more general statutory authorities. In such cases, a danger exists that individuals whose records are matched may have their federal benefits denied, suspended, or reduced, or have other adverse action taken against them, solely on the basis of out- of-date or faulty information, and have no opportunity to contest the accuracy of such information. 2. Need for Administrative Controls on Computer Matching Studies and congressional hearings on computer matching also indicate that there are inadequate administrative controls in place to oversee the current use of computer matching programs involv- ing records that are subject to the Privacy Act. Although the Office of Management and Budget has issued guidelines advising agencies conducting matches to enter into agreements governing the use of the records exchanged in the matching programs and requiring such agencies to file matching reports describing the matching pro- grams with OMB, these guidelines are not binding on agencies. Testimony before subcommittees of both the Senate Governmental Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 CIA-RDP91B00390R000300210006-8 9 Affairs Committee and the House Government Operations Commit- tee indicate that OMB has not enforced its matching guidelines, which require a brief description of the match and publication of the description of the match in the Federal Register "as close to the initiation of the matching program as possible". Testimony also disclosed that OMB does not routinely monitor the agencies' com- pliance with its guidelines. Both the General Accounting Office and the Office of Technology Assessment have concluded that there is little oversight of controls on how computer matching is conducted, and that no specific written criteria exist for determining whether a proposed match should be implemented. The lack of administrative controls on matching has also result- ed in a dearth of information on the precise extent of computer matching, and how many records of individuals are being ex- changed in such programs. While the OTA has estimated that the number of computer matches has tripled from 1980 to 1984, the lack of accountability governing matching programs prevents agency decision-makers, OMB, Congress, and, indeed, those individ- uals whose records are being matched, from knowing how much matching actually occurs. IV. PROVISIONS OF S. 496 The provisions of S. 496 are intended to address the privacy, due process, and administrative oversight concerns raised by the cur- rent state of computer matching. The bill contains three main ele- ments: (1) It requires that agencies participating in "computer matching programs" (a term defined by the bill) enter into written matching agreements outlining the terms of disclosure and use of information employed and produced by the match- ing program. No disclosure of information may be made for computer matching purposes unless a matching agreement has been approved. (2) It requires the establishment of a Data Integrity Board within each agency that conducts or participates in a matching program. The function of the Data Integrity Board is to over- see and coordinate the implementation of this Act by review- ing and approving matching agreements and by reviewing the matches in which its agency has participated in the past year to determine compliance with applicable laws, regulations, guidelines, and agency agreements, and to assess the cost and benefits of such programs. (3) It requires the establishment of procedural safeguards for individuals whose records are matched in programs covered by the Act, including requirements for the independent verifica- tion of information yielded by computer matches, and notice to and opportunity for individuals to contest the findings of com- puter matching programs prior to adverse actions being taken against such individuals. 1. Computer Matching Covered By the Act Section 5 of the bill defines the computer matching programs that are covered by this Act. In order to be subject to the bill's pro- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 10 visions, the matching program must meet three criteria. First, at least one set of the records involved in the matching program must be a system of records as defined by and subject to the Privacy Act. Under the Privacy Act of 1974, a "system of records" is defined as "a group of records under the control of any agency from which in- formation is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular as- signed to the individual." Since by far most Privacy Act systems of records are maintained by federal agencies, the bill will generally cover only matches in- volving a federal agency as a source or recipient of information. As spelled out in the Senate-passed bill, this means that matching pro- grams can involve the exchange of records between two federal agencies, or between a federal agency and a non-federal matching entity. "A non-federal matching entity" is defined by the bill as a state or local government, or an agency thereof, a partnership or corporation, association, or public or private organization which re- ceives or supplies records in a matching program within the scope of this bill. Second, the definition of matching program extends only to the computerized comparison of sets of records. Thus, while separate sets of records are often compared manually to verify the eligibility of individuals to receive government benefits, such manual com- parisons are not covered by this bill. Finally, to meet the definition of a matching program under the bill, the matching program must fall into one of three general cate- gories of computer matches set forth in section 5. The first category of matching programs are those programs that are conducted for the purpose of establishing or verifying the eligibility of persons initially to receive or to continue to receive assistance under feder- al benefit programs. Matches conducted for such eligibility verifica- tion purposes include those matches that are conducted to deter- mine initial eligibility for benefits (so-called "front-end eligibility verification" matches), or continuing compliance with statutory and regulatory requirements for recipients or beneficiaries of, par- ticipants in, or providers of services for assistance under federal benefit programs. Such assistance can take the form of cash or in- kind assistance or payments under federal benefit programs. The term "federal benefit program" is broadly defined, and is intended to include any program administered or funded by the federal gov- ernment, or by a state or agent on behalf of the federal govern- ment. A match to determine eligibility of AFDC recipients, for ex- ample, is covered by the bill (since AFDC is a state-administered, federally funded program) so long as the AFDC records are matched with a Privacy Act system of records. The second category of matching programs subject to the bill are those matching programs conducted for the purpose of recouping payments or delinquent debts under federal benefit programs. As used in the bill, the term "payments" is intended to cover both cash or in-kind assistance under such benefit programs. Inclusion of matches under these two categories is determined by the purpose for conducting the match. Thus, for example, matches conducted by the Federal Parent Locator Service, within HHS, are not subject to the provisions of S. 496 because these matches are Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 11 conducted to locate absent parents who are not paying child sup- port in order to take action against them to secure such child sup- port payments. The Committee does not intend the bill to be con- strued to apply to matches performed by the Federal Parent Loca- tor Service to locate absent parents even though such payments may result in a recoupment of payments made by a federal benefit program, such as Aid to Families with Dependent Children. The federal benefit recoupment is not the principal purpose of the matching activity. The third category of matches covered by the bill are all match- ing programs using federal personnel or payroll systems of records, regardless of the purpose of the match. The bill covers these types of records because, historically, many matching programs have in- volved the records of federal employees or federal retirees. Since the federal government has comprehensive records on its own em- ployees and retirees, these records are often exchanged in match- ing programs to determine whether federal workers or retirees are receiving benefits for which they are ineligible, or whether they have delinquent debts with the government. Because the files on these individuals are most readily available to agencies for use in matching programs, concerns have been raised that these individ- uals are "captives" of matching programs and could, unless pro- tected, be most vulnerable to breaches of privacy in matching pro- grams. Thus, the bill covers all matches involving these records, re- gardless of purpose, unless the match is specifically subject to ex- ceptions discussed below. This category includes matches between two federal systems of records as well as matches between a federal system of records and non-federal records. The number of records matched is not a determining factor of whether a match is covered by this bill. A matching program can consist of hundreds of records of recipients being matched at one time, or a series of one individual's records being cross-checked against various sets of data to verify eligibility. A comparison of six individual student loan defaultees with the Office of Personnel Managment files would, for example, be subject to the require- ments of this bill. Unlike current OMB guidelines which do not apply to front-end eligibility verification or to matching programs that do not compare a substantial number of records, checks on specific individuals to verify data in an application and single matches to verify eligibility of a particular individual are subject to the bill. There are six types of matching activities that are specifically ex- empted from the scope of S. 496. First, a match that is performed to produce aggregate statistical data without personal identifiers is not covered by the bill. Second, a match performed to support any research or statistical project is excluded from coverage of the bill if no data resulting from the match is used to make decisions concerning the rights, benefits, or privileges of specific individuals. A third exemption exists for purely internal matches, i.e., matches performed within a single agency in which no records are matched outside that agency or one of its components. An impor- tant limitation, however, is placed on this exception. The exception does not apply if the agency is matching its federal personnel or Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 12 payroll records with the records of the Federal benefit programs it administers. For example, the bill covers internal agency matches of federal personnel records with federal benefit programs to find potential fraud or to determine if the agency's employees are im- properly receiving these benefits or whether they are delinquent in repaying federal loans. These matches are subject to the terms of this bill, because federal employees workers merit the same due process and privacy as do other citizens whose records are matched. A fourth exception exists for certain matches conducted for law enforcement purposes. This exception is available only to those agencies, or components thereof, which perform as their principal function any activity pertaining to the enforcement of criminal laws. An agency that is not principally a law enforcement agency may still have a component that can utilize this exclusion for specific matching activities. While an audit office that performs multiple functions, only one of which is the initiation of criminal law en- forcement investigations, would not qualify for this exclusion, a clearly identifiable investigative subunit that conducts criminal in- vestigations as its principal function may qualify for this exclusion. For example, the entire Internal Revenue Service would not qual- ify to use this law enforcement exclusion, but some matches con- ducted by the Criminal Investigations Division of the IRS could qualify for the exclusion. Agencies or components that qualify for this exclusion may use it only for matching programs that are conducted subsequent to the initiation of a specific criminal or civil investigation of a named person or persons for the purpose of gathering evidence against such person or persons. In order to qualify for this exclusion, an agency or component must be gathering evidence for an existing, on-going investigation whose targets are already identified. This exclusion is consistent with the bill's overall intent to pro- vide protections against the imporper use of computer matching. Matches of greatest concern and warranting most controls are those matches that are initiated without any evidence of wrongdo- ing by specific individuals. Such matching programs, if uncon- trolled, can too easily become "fishing expeditions" to find informa- tion about individuals when there is no suspicion of wrongdoing, risking violation of the Fourth Amendment prohibition against un- reasonable search and seizure. Computer matching may, however, be needed to substantiate or develop a legitimate law enforcement investigation. This legislation is not intended to impede exchanges of information which will contribute to a specific, targeted investi- gation. Thus, once a law enforcement investigation meets the re- quirements of the subsection, section 5 provides a total exclusion from the bill's coverage. The phrase "named individual or named individuals" is intended to mean that the investigation has already identified specific indi- viduals as its targets. A general description of targets, such as "program beneficiaries," would be insufficient to meet this defini- tion. Moreover, there must be a reasonable basis for believing that each of the identified targets of the investigation has engaged in Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 13 the improper conduct that is being investigated by the agency or component thereof. The fifth exclusion covers certain matching activities conducted by the Internal Revenue Service. The Senate-passed bill limited this exclusion to only those tax matches that are conducted pursu- ant to section 6103(d) of the Internal Revenue Code of 1986, author- izing disclosures of tax returns and tax return information to state tax officials for tax administration purposes. The House-passed version of S. 496 added two additional exclu- sions for matching programs involving tax records, both of which are acceptable to the Committee. One such provision provides a limited exception for disclosures of tax returns and tax return in- formation for purposes of tax administration as defined in section 6103(b)(4) of the Internal Revenue Code of 1986. This exclusion is intended to cover only those disclosures that are authorized by this section of the Internal Revenue Code and which are conducted for the purpose of tax administration. This exclusion will enable the IRS to continue matching tax returns with other information, such as interest and dividend payments, to facilitate tax administration and ensure taxpayer compliance. This provision, however, is in- tended to be a narrow one and does not exclude matching of tax information with other data for non-tax administration purposes. The other exclusion provided for by the House amendment covers matches of tax information for the purpose of intercepting tax refunds due to individuals. S. 496, as reported by the Commit- tee and passed by the Senate, did not exclude these matches due to concerns over the growing trend of offsetting tax refunds to recoup overdue debts or overpayments under other government programs. There is preliminary evidence that the use of such refund offsets can have detrimental effects on voluntary compliance with our tax laws. Individuals may avoid paying federal income taxes or under- withhold in order to avoid refund offsets in subsequent years. The House-passed amendment to S. 496, however, exempts certain tax refund offset programs from the legislation. Specifically, the House amendment excludes matches of tax information for the purpose of intercepting a tax refund due to an individual under authority granted by section 464 or 1137 of the Social Security Act (42 U.S.C. sections 664,1320 b-7). This exemption excludes from the bill's cov- erage matches conducted under these statutory authorities to col- lect past-due child support from tax refunds and matches of tax in- formation for the purpose of intercepting tax refunds due to indi- viduals under the income and eligibility verification system estab- lished by section 1137 of the Social Security Act (42 U.S.C. 1320 b-7). Further, the House amendment exempts refund offset programs which have been determined by the Office of Management and Budget to contain verification, notice and hearing requirements that are substantially similar to those strong procedures contained in Section 1137 of the Social Security Act. These provisions of the House amendment are acceptable to the Committee, because the Committee believes that the due process procedures included in Sections 464 and 1134 of the Social Security Act are sufficiently strong to meet the purposes of this bill. Requiring these matches also to be subject to the provisions of S. 496 would result in dupli- cative, costly procedures for agencies to follow. Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 14 Finally, S. 496 provides an exclusion for matches performed to produce background checks for security clearances of federal per- sonnel. The House amendments to S. 496 added an additional ex- emption, which is acceptable to the Committee, for matching pro- grams conducted to produce background checks for foreign counter- intelligence purposes. These exclusions are intended to allow all re- quired security clearance investigations to be performed without application of the matching procedures required by this bill. 2. Matching Agreements S. 496 requires that matching programs covered by the bill be conducted pursuant to written matching agreements. Section 2 of the bill specifies that no record contained in a system of records under the Privacy Act may be disclosed by a source agency to a federal agency or a non-federal entity for use in a computer match- ing program unless such disclosure is pursuant to a written match- ing agreement between the agency or entity disclosing the records and the agency receiving the records. The purpose for requiring written agreements is to increase and facilitate oversight of the use of computer matching and to estab- lish ground rules for the disclosure of information for matches, as well as for the use of information that is derived from computer matching programs. S. 496 enumerates several elements that must be included in written matching agreements. All of these elements must be present in order for the written agreements to be approved by the Data Integrity Boards of the agencies involved in the matching pro- gram prior to the disclosure of the records. First, the matching agreement must specify the justification, the purpose and legal authority for conducting the matching program. Second, as amended by the House, the bill requires the matching agreement to describe the anticipated results of the matching pro- gram, including a specific estimate of any savings anticipated as a direct result of the compter match. This amendment requires a cost-benefit analysis to be completed before the Data Integrity Board can approve a matching agreement, and the House bill di- rects agencies entering into the matching agreement to follow guidelines developed by the General Accounting Office on how to assess the costs and benefits of computer matches. The House bill also includes a provision allowing the Data Integrity Board to waive this cost-benefit analysis in certain circumstances. As passed by the Senate, S. 496 contains no specific requirement for a pre-match cost-benefit analysis. The Committee does, howev- er, view as legitimate the concerns that some computer matching programs may not prove to be cost-effective. While some Inspectors General and program managers have estimated that computer matching programs that are conducted to remove ineligible persons from government programs will result in huge savings, these esti- mates have been rarely substantiated by comprehensive cost-bene- fit analyses that take into account all of the actual costs of con- ducting, and following-up on the results of, the matching program. Without a solid measure of the actual costs and benefits of all phases of the matching program, resources may be devoted to corn- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 15 puter matches when other efforts to reduce fraud, waste or abuse in government programs may actually be more cost-effective. While recognizing the importance of cost-benefit analysis, the Committee is also concerned that mandating pre-match cost benefit analyses is inappropriate for those matching programs that are re- quired by law. Thus, an amendment to the House-passed bill that the Committee would propose would specifically exempt these matches from the up-front cost-benefit analysis requirement. Since the costs of matching programs should be considered for those matches that will be repeated to determine if the matching pro- gram is truly cost-effective, the amendment further specifies that any subsequent matching agreement for a matching program spe- cifically required by statute will not be approved by the Data Integ- rity Board unless the agency has submitted a cost-benefit analysis of the program as conducted. Third, the matching agreement must describe the records that will be matched, including each data element used; the approxi- mate number of records that will be matched; and the projected starting and completion dates of the matching program. The Com- mittee recognizes that some matching programs, particularly those specifically mandated by statute, will involve a series of individual matches, at established intervals, between two sets of records. For example, AFDC records may be matched on a quarterly basis with unearned income data from the IRS. For such matches, the match- ing agreement should set forth the starting and completion dates of the matching program as a whole and the frequency of each indi- vidual match to take place within the program. Fourth, the matching agreement must also describe the proce- dures for providing due process protections to individuals whose records are matched. Specifically, the agreement must set forth the procedures for providing notice to applicants and recipients of fi- nancial assistance or payments under federal benefit programs and to applicants for and holders of positions as federal personnel, that any information provided by them may be subject to verification through a matching program. This provision requires individualized notice be givern at the time of application to a benefit program (or upon application for a position with the government) that the applicant's records may be matched. Constructive notice, such as a notice in the Federal Regis- ter that a match will be conducted, is insufficient to satisfy this re- quirement. The committee anticipates that the notice will be in- cluded on the application form itself, or with other notices provided to applicants. All notices provided must be plainly worded and non- coercive in tone. Periodic notice that information may be verified through match- ing must also be given to persons who are receiving benefits or holding government positions. The Data Integrity Board may direct agencies on the form that periodic notice may take. The Committee expects that individualized periodic notices will be given whenever possible. Options for periodic notice include inclusion of notices with checks sent to recipients, or notices to agency personnel through memoranda or bulletins. While separate mailings of peri- odic notices are not required by the bill, they may be required by Data Integrity Boards or OMB for specific matches. Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: ICIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 : CIA-RDP91B00390R000300210006-8 16 Fifth, the agreement must set forth the procedures for verifying information produced in such matching programs. Verification pro- cedures must comply with the requirements set forth in the new section (p) of the Privacy Act as amended by this bill. Sixth, the matching .agreement .must 'establish procedures for re- tention and destruction of records *created by such matching pro- grams. This .provisionds intended to 'prevent the 'creation of perma- nent .files or new system ? of records from matching programs, be- cause the existence -of. such '`standing" files of "hits" from previous matches could too easily encourage the repeated use of these files for additional. .matching. The lisats ,of ? persons 'whose names emerged as "hits" in one match should not be retained as alist - of ? .suspects :for future ?matches, as; this poses. serious threats-to person- al ;privacy. The Committee 'recognizes, however, that identifiable records- created by a matching program must be retained for a rea- sonable .period to allow necessary.. follow-up to a matching. program. This. provision is intended to .ensure .that records generated- by 'a matching program ,are destroyed as soon as possible- After they are no-longer needed: . ? : Seventh, the matching .agreements,must also-specify:procedures foriensuring the administrative, technical, :arid-physical security Of the Scords -matdhed and -of the restilts of the 'matching -program, ? . ? and Must. prohibit :the ? duplication '.and. rediSclOstire of records? ? within .or ? outside. the :sotiroe agency, -unless :required -by law . or es- )sential to the...conduct.of the mate/fits prOgrAnt This,:prOVision is intended to. allow only those 'disclosures that-are 'necessary to com-.. -plete the .-mately.ittelfand to complete all necessary. verification and. followAtp.- to The 'matching ? Program, 'including AliSelostires ? duplication- of ?inforrnation .for use, in a civil 'or criminal investiga-. , ton or *prosecution :resulting from. .computer,mAtch.?. ...Eighth, The ,matching agreement must "specifyprOcedures govern:. .ing .use of records- provided by .a source agency, iucluding proce- dures.governing the return to the :source ,agencY?orthe 'destruction of records used in :such program,- The -intent (:)f. this provision .is to ? ensure .that recordsUsed,for matChirig *program' be destroyed or re - turned 'to :the ,lsource :agency ,as :soon' as-vossible after the match is ? performed in order to ininimites ,dangers of 'unauthorized use. ? - ? . The imatching. agreementimust.provide information that is 'avail- able to the 'source.. of the records on Any assessments that .have ?been made on the .accuracy of: the records' that will be 'used 'in the matchingprogram. Use,of 'inaccurate data-can greatly.diminish the value of 'matching programs 'by yielding many?false. 'raw 'hits". If . out-of-date . wage data ;is. matched .against 'the records of benefici- aries, :for example, it may appear that many individuals 'have ? excess .earnings,-when, in fact, the-earnings- data is no :longer accu- rate. ;Use of such data not only ..increases *the follow-up -costs of matching, but also -poses :dangers-of 'erroneously . reducing benefits based on ,faulty. data. This provision of S. 498, while 'not .requiring- agencies to undertake ;assessments of the accuracy of Ithe data they discl-ose for. matching programs, requires matChing agreements to Maude _information on any ,such assessments that 'have 'been -made, when the set of records was last "'cleaned up") in order to pro- vide the recipient agency with some --sense of the accuracy of the information. Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 17 The House amendment to S. 496 adds a provision that matching agreements must authorize the Comptroller General to have access to all records of a recipient agency or non-federal entity for pur- poses of monitoring compliance with the agreement. This provision, which is acceptable to the Committee, extends existing statutory authority of the Comptroller General to the records of state and local governments. The House amendment also adds a requirement that a copy of each matching agreement must be made available to the public. The agreement must also be provided to the Senate Committee on Governmental Affairs and the House Committee on Government Operations 30 days before the matching agreement becomes effec- tive. This 30-day notice period to Congress is acceptable to the Committee and parallels other provisions of the Privacy Act requir- ing notification to Congress of routine uses and creation of new sys- tems of records. Finally, the House amendment includes a provision providing that matching agreements may remain in effect for a period deter- mined to be appropriate by the Data Integrity Board, not to exceed 18 months. A-matching program that will match the same two sets of records several times over a period of time (for example, match- ing wage data with AFDC records every three months). is consid- ered one matching program. The bill authorizes the Data Integrity Board, without additional review, to renew a matching agreement for anon-going matching program for up to a year if 'the program will be conducted without. change and if each party to the 'agree-, ment certifies that -the .program has been conducted in cOmpliance, with .the agreement. In determining the effective time period for the -initial matching agreement, the -Data Integrity Board should consider the purpose and length of time needed to conduct the match, and whether the ,match is required by law. This House amendment is acceptable to the Committee. 3. Data Integrity Boards In order to improve the oversight of matching programs and compliance with matching agreements, applicable laws, regulations and ,guidelines, section 4 of S. 496 mandates each federal agency conducting or participating in a matching program establish a Data Integrity Board (DIB). A federal agency that acts as a source agency or recipient agency must establish a DIB, but agencies that do not participate in matching programs covered by the .bill?do not have to establish such .boards. Although some matches covered by the bill will involve federal programs that .are state-administered, no non-federal entity must establish a DIB. Each agency's DIB must be composed of senior officials designat- ed by the head of the agency. The law specifies that-the senior offi- cial designated by the agency as responsible for implementation of the Privacy Act and the Inspector General of the agency, if any, must serve on the DIB, although the IG cannot serve as chairper- son of the Board. The bill precludes the Inspector General from serving as chairperson because, historically, many computer match- ing programs have been proposed and conducted by IGs to deter fraud or waste in government programs. Since the DIB is intended to act as an overseer of computer matching programs, the Commit- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 18 tee believes that the Board should not be headed by an Inspector General, who may head the office that is conducting the matching program. The size of the DIB will vary according to the size of the agency and the number of matching programs in which the agency partici- pates. Various agency components whose records are matched should be represented on the Board, and the Board should have adequate staff assigned to it to allow it to perform its statutory functions. This legislation does not require agencies to create new positions to comply with this provision, nor should membership on the Boards, or on the staff of the Boards, constitute full-time positions. The Committee anticipates that the Board will meet as needed to approve and review matching agreements, and to prepare reports required by Section 5, and, in some circumstances, to investigate the operation of matching programs. The bill sets forth specific functions for the Data Integrity Boards to perform. Each Board must review, approve and maintain all written agreements for receipt or disclosure of agency records for matching programs to ensure compliance with the requirements of this Act and compliance with all relevant statutes and guidelines. No disclosure of records can be made for a matching program unless the written matching agreement is approved. As passed by the Senate, a matching program could begin as soon as the Data Integrity Board approved the matching agreement. The House amendment to S. 496, however, adds a requirement that the writ- ten agreement first be made available to the public and sent to the Senate Governmental Affairs Committee and the House Govern- ment Operations Committee. The amendment makes the agree- ment effective 30 days after being transmitted to the Committees. This Committee endorses this amendment as providing necessary opportunity for congressional review and oversight of matching agreements. The bill also authorizes the DIB to disapprove matching agree- ments if they do not comply with the terms of this Act, or applica- ble laws, regulations and guidelines. The bill sets up an appeals procedure to be followed when a DIB disapproves a matching agreement. In cases of disapproval, any party to the agreement may appeal the disapproval to the Director of OMB. This appeals procedure is included in the House-passed bill, and accepted by the Committee, in order to prevent the DIB from exercising total veto power on matches. The Inspectors General, for example, expressed concern that agency officials on the DIB may have conflicts of interest when ruling on matching programs that are being conducted to find overpayments in the officials' own programs. There may be a danger of agency officials disapproving matches even when all ap- plicable rules, regulations and guidelines have been followed. The Committee believes that these conflict-of-interest concerns are legitimate and thus endorses the House amendment that pro- vides the OMB with limited authority to overrule a DIB and ap- prove a matching agreement. The disapproval of the DIB may be overturned only if the Director of the OMB determines that the Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 19 program will be consistent with all applicable legal, regulatory and policy requirements; that there is adequate evidence that the matching agreement will be cost-effective; and that the matching program is in the public interest. The Committee anticipates that all three factors must be met to warrant OMB reversal of a disap- proval by the Board. Under the terms of the House amendment, when OMB approves a matching agreement upon appeal, the decision must be reported to the Senate Committee on Governmental Affairs and to the House Committee on Government Operations. OMB must include a detailed explanation of the reasons for its approval. The matching agreement takes effect 30 days after the Committees are notified. If a matching program proposed by the Inspector General of an agency is disapproved by the Data Integrity Board and by the Di- rector of OMB, the Inspector General may report the disapproval to the head of the agency and to the Congress. The Committee be- lieves that this reporting mechanism is an effective means of en- suring the independence of the Inspectors General, and of putting the Congress on notice of possible efforts by agencies or OMB to prohibit matching programs that are legitimate or proper to con- duct. Other Duties of the Data Integrity Boards The bill sets forth several other functions for the DIB. Each Board must review all matching programs in which the agency has participated during the year, either as a source or re- cipient agency. The purpose of the review is to determine compli- ance with applicable laws, regulations, guidelines, and matching agreements, and to assess the costs and benefits of such matching programs. While some investigation of compliance with matching agreements, laws, regulations, or guidelines may be warranted when indication of problems come to the Board's attention, the Board's review functions will primarily consist of reviews of infor- mation about matching programs and occasional audits of the matching programs. Each board must review all recurring matching programs in which the agency has participated during the year, for continued justification of the program. Each Board must prepare an annual report on matching for sub- mission to the head of the agency and to Office of Management and Budget. The report of each Board must also be made available to the public upon request. OMB will consolidate the reports for the various Boards and file a single report with the Congress. Reports by the Boards must describe the matching activities of the agency and must include: (i) a description of all matching pro- grams in which the agency participated as a source or recipient agency; and (ii) a description of any matching agreements that were proposed but disapproved by the Board. The House amend- ment requires the following additional information to be included in the reports: (i) a description of any changes in the membership or structure of the Board in the preceding year; (ii) the reasons for any waiver of the requirement for the completion and submission of a cost-benefit analysis prior to the approval of a matching pro- gram; (iii) information about any violations of matching agree- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: ICIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: 1A-RDP91B00390R000300210006-8 20 ments that have been alleged or identified and any corrective action taken; and (iv) any other information required by the Direc- tor of OMB to be included in the report. This Committee endorses the changes made by the House amendment. Each Board is required to serve as a clearinghouse for receiving and providing information on the accuracy, completeness, and reli- ability of records used in matching programs. Each Board is required to provide interpretation and guidance to agency components and personnel on the Privacy Act's matching requirements. Each Board is required to review agency recordkeeping and dis- posal policies and practices for matching programs to assure com- pliance with the Privacy Act. Finally, the bill provides discretionary authority for the Board to review and report on any matching activities that are not defined as matching programs by this bill, including matching programs exempted under section 5. The House amendment adds a provision allowing reports of such programs to be on an aggregate basis to the extent necessary to protect on-going law enforcement investiga- tions. The Committee endorses this amendment as necessary to protect such investigations and believes that similar authority to report on an aggregate basis should extend to counterintelligence matches. 4. Verification and Due Process Protections S. 496 includes provisions designed to provide due process protec- tions for individuals whose records are matched in computer matching programs. Those protections take the form of requiring independent verification of data produced by a matching program, notice to the individual, and an opportunity for the individual to contest the findings of the matching program prior to adverse action being taken. Before a recipient agency, non-federal entity or source agency may suspend, terminate, reduce, or make a final denial of any fi- nancial assistance or payment under a federal benefit program, or take any other adverse action against an individual as a result of information produced by a matching program, the agency must in- dependently verify the information for its accuracy. This provision is intended to protect the subjects of matching programs against loss of benefits or adverse action due to erroneous or out-of-date in- formation. The independent verification requirements are not intended to duplicate procedures already required by the benefit program itself. The bill provides that the verification requirement may be satisfied by verification requirements that exist, by law or regula- tions, in the Federal benefit program, the eligibility for which the applicant's or recipient's records are being matched. Such federal benefit program procedures can satisfy the requirements of the bill so long as such procedures include independent investigation and confirmation of any information used as a basis for an adverse action against the individual. The bill sets forth information that must be verified, such as amount of asset or income involved, and whether and for what period the individual had actual access to the income. The verification procedures should be tailored to the Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 21 types of data produced by the match to determine fully whether it is accurate and timely. The confirmation required by the bill can be made by asking the individual whose records are matched for confirmation of the infor- mation or by checking the data with another source that obtained the information independently. For example, confirmation of infor- mation indicating that a recipient of a benefit program has exces- sive interest or dividend income (obtained through a match with IRS records) could be achieved by asking the recipient to confirm the data or by asking the bank that reported the interest and divi- dend income to the IRS to confirm the information. The Committee believes that seeking confirmation from the individual himself or herself is preferable in most instances. S. 496 also requires that the basic due process protections of notice and opportunity to contest findings be incorporated into every matching program within the scope of this bill. Specifically, no recipient agency, non-federal entity, or source agency may sus- pend, terminate, reduce, or make a final denial of any financial as- sistance or payment under a federal benefit program, or take any other adverse action against the individual, until a reasonable period after the individual receives a notice from the agency con- taining a statement of its findings and informing the individual of the opportunity to contest such findings. As with the verification procedures, the bill does not intend the procedural protections of this bill to be a "double-layer" of proce- dures beyond those governing the federal benefit program involved. Rather, these requirements may be satisfied by the notice, hearing and appeal rights governing the program itself. The Committee rec- ognizes that most federal benefit programs?and many matching programs mandated by law?already contain due process protec- tions. This provision is intended to provide minimal due process protections for those matches that may not be subject to such rules, and to specifically direct those agencies who conduct matches to apply due process protections to matching programs. The House amendment prohibits agencies from taking adverse action until 60 days after the individual has been notified and given an opportunity to contest findings. The Committee believes, however, that problems may emerge from the imposition of a man- datory 60-day rule. First, a strict 60-day rule could conflict with the procedural due process rules governing the federal benefit program itself, leaving confusion among agency administrators over which rule to follow. Second, in some instances a 60-day wait before taking adverse action could be too long, allowing ineligible individ- uals to continue to receive governnment benefits. Yet in other in- stances, 60 days may be shorter than the time allowed by the bene- fit program itself to contest findings. To correct these problems, the Committee will propose replacing the House amendment's 60-day rule with a requirement that no ad- verse action be taken by an agency or non-federal entity until the notice period provided by the Federal benefit program's laws or regulations has expired (running from the date when notice and opportunity to contest findings were given), or 30 days, whichever is later. This provision will shorten the delay to minimize the danger of allowing erroneous payments to continue, while assuring Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: ,CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 22 that a minimal response period of 30 days is given, which is neces- sary to comport with due process rights. The House bill adds, and the Committe endorses, a limited excep- tion to this waiting period. An agency may take any appropriate action that might otherwise be prohibited if it determines that public health or safety may be adversely or signficantly threatened within the waiting period. The Committee anticipates that this ex- ception will be used rarely, and due process protections would still be afforded after the adverse action has occurred. 5. Reports to Congress The House bill includes, and the Committee endorses, a require- ment that the Director of OMB file a report to the Congress on matching activity. The purpose of this report is to consolidate the information contained in the reports of the Data Integrity Boards. The bill specifies elements that must be contained in these reports and specifies that the reports may contain other information that the Director determines to be relevant for oversight of matching. The reports must also include information about matching activi- ties not covered by, or excluded by, the bill. Such information may take the form of aggregate data in order to protect any law en- forcement activities that may be jeopardized by publicity or disclo- sure. The Committee would extend this provision to reporting on counterintelligence matching activities. 6. Sanctions The sanction for violating the provisions of this bill is a Prohibi- tion against disclosure of records for a matching program. The bill provides that, notwithstanding any other provision of law, no source agency may disclose any record contained in a system of records to a federal agency or non-federal entity for a matching program if the source agency has reason to believe that the verifi- cation requirements of the bill, or the terms of the matching agree- ment are not being met by the agency receiving the records. The House amendment adds a provision, endorsed by the Committee, which prohibits renewal of a matching agreement by a source agency unless the receiving agency (or non-fedeal entity) has certi- fied that it has complied with the matching agreement and if the source agency has no reason to believe that the certification is in- accurate. V. SECTION-BY-SECTION ANALYSIS S. 496, As Reported by the Committee on Governmental Affairs and Passed by the Senate (May 21, 1987) SECTION 1?SHORT TITLE This section provides that the act may be cited as the "Computer Matching and Privacy Protection Act of 1987." SECTION 2?MATCHING AGREEMENTS This section adds a new (b)(13) exception to the Privacy Act of 1974, 5 U.S.C. Section 552a, authorizing disclosures of records from Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 23 systems of records to a recipient agency or non-Federal matching entity pursuant to a matching agreement under this act. This section also adds three new subsections to the Privacy Act, designated as subsections (o), (p), and (q). Subsection (o)?Matching Agreements Prior to disclosing any record in a system of records to a recipi- ent agency or non-Federal matching entity for use in a computer matching program, the source agency and recipient agency (or non- Federal entity) must enter into a written agreement specifying 9 elements: (1) the justification, purpose, and legal authority for conduct- ing the program; (2) a description of the records that will be matched, includ- ing each data element that will be used, the approximate number of records that will be matched, and the projected starting and completion dates of the matching program; (3) procedures for notifying upon application and periodically thereafter applicants for or recipients of financial assistance or payments under Federal benefit programs, and applicants for and holders of positions as Federal personnel, that any infor- mation provided by such applicants, recipients, and holders may be subject to verification through matching programs; (4) procedures for verifying information produced in such matching programs; (5) procedures for retention and destruction of records cre- ated by such matching programs; (6) procedures for ensuring the administrative, technical, and physical security of the records matched and the results of such programs; (7) prohibitions on duplication and redisclosure of records provided by the source agency within or outside the recipient agency or the non-Federal matching entity, unless authorized by the source agency with the terms of the agreement; (8) procedures for governing the use of the records provided by the source agency for use in a matching program, including procedures governing return to the source agency or destruc- tion of the records used in the match; and (9) information on assessments that have been made on the accuracy of the records that will be used in the matching pro- gram. Subsection (p)?Verification No recipient agency, non-Federal matching entity or source agency may suspend, terminate, reduce, or make a final denial of any financial assistance or payment under a federal benefit pro- gram to any individual, or take any other adverse action against an individual as a result of information produced by a matching program, until an office or employee of the agency has independ- ently verified the information. The independent verification re- quirement may be satisfied either by verification requirements gov- erning the federal benefit program and shall include independent verification of: (A) the amount of the asset or income involved; Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 24 (B) whether the individual actually has or had access to such asset or income for the individual's own use; (C) the period or periods when the individual actually had such asset or income. No recipient agency, non-Federal matching entity or source agency may suspend, terminate, reduce, or make a final denial of any financial assistance or payment under a Federal benefit pro- gram to any individual whose records are used in a matching pro- gram, or may take other adverse action against the individual as a result of information produced by a matching program until the in- dividual receives notice of the findings and has been given an op- portunity to contest such findings. The opportunity to contest may be satisfied by notice, hearing, and appeal rights governing the Federal benefit program. Subsection (q)?Sanctions Notwithstanding any other provision of law, no source agency may disclose any record which is contained in a system of records to a recipient agency or non-Federal matching entity for a match- ing program if such source agency has reason to believe that the requirements of subsection (p) and any matching agreement en- tered into pursuant to subsection (o) are not being met by such re- cipient agency or entity. SECTION 3-NOTICE OF MATCHING PROGRAMS Subsection (a) amends subsection (e) of the Privacy Act by adding a new paragraph (12). The new paragraph requires source and re- cipient agencies to publish in the Federal Register notice of the es- tablishment or revision of a matching program at least 30 days prior to conducting the program. Subsection (b) amends subsection (r) (as redesignated) of the Pri- vacy Act regarding reporting on new or changed systems of records. The new language extends the existing reporting require- ment to matching programs. SECTION 4-DATA INTEGRITY BOARDS This section adds a new subsection (u) to the Privacy Act regard- ing Data Integrity Boards. Paragraph (1) requires that every agency conducting or partici- pating in a matching program shall establish a Data Integrity Board to oversee and coordinate among the various components of such agency the agency's implementation of the bill. Paragraph (2) requires that each Data Integrity Board shall con- sist of senior officials designated by the head of the agency and shall include any senior official designated by the head of the agency as responsible for implementation of the Privacy Act. The Inspector General of the agency, if any, shall be a member of the Board, but the Inspector General shall not serve as chairman of the Board. Paragraph (3) sets forth the functions of the Data Integrity Boards. These Boards shall: (A) review, approve, and maintain all written agreements for receipt or disclosure of agency records for matching programs Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 25 to ensure compliance with subsection (o), and all relevant stat- utes, regulations, and guidelines; (B) review all matching programs in which the agency has participated during the year, either as a source agency or re- cipient agency, determine compliance with applicable laws, regulations, and agency agreements, and assess the cost-bene- fits of such programs; (C) review all recurring matching programs in which the agency has participated during the year, either as a source agency or recipient agency, for continued justification for such disclosures and for compliance with applicable laws, regula- tions, and matching agreements, and assess the cost-benefits of such programs; (D) compile an annual report to the head of the agency and the Office of Management and Budget on the matching activi- ties of the agency, including matching programs in which the agency has participated as a source agency or recipient agency; matching agreements proposed under subsection (o) that were disapproved by the Board; and the matching of records as a source agency or recipient agency under programs not covered by this section or described in subparagraphs (A) through (E) of subsection (a)(8); (E) serve as a clearinghouse for receiving and providing in- formation on the accuracy, completeness, and reliability of records used in matching programs; (F) provide interpretation and guidance to agency compo- nents and personnel on the requirements of this section with respect to matching programs; (G) review agency recordkeeping and disposal policies and practices with regard to matching programs to assure compli- ance with this section; and (H) review and coordinate privacy training programs for the agency's personnel. Paragraph (4) provides that each Board shall maintain such staff as necessary to carry out its functions under this subsection, in- cluding persons designated by the head of the agency as responsi- ble for implementation of the Privacy Act. Paragraph (5) directs OMB to file an annual report with the Con- gress which consolidates the information contained in the reports from the Boards. SECTION 5-DEFINITIONS This section adds new definitions to the Privacy Act. "Matching program" means any computerized comparison of (i) two or more automated systems of records or a system of records with non-Federal records for the purpose of (I) establishing or veri- fying the eligibility of, or continuing compliance with statutory and regulatory requirements by, applicants for, recipients or benefici- aries of, participants in, or providers of services with respect to, cash or in-kind assistance or payments under Federal benefits pro- grams, or (II) recouping payments or delinquent debts under Feder- al benefit programs, or (ii) two or more automated Federal person- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 : CIA-RDP91B00390R000300210006-8 26 nel or payroll systems of records or a system of Federal personnel or payroll records with non-federal records. A matching program does not include: (i) matches performed to produce aggregate statistical data without any personal identifiers; (ii) matches performed to support any research or statistical project, the specific data of which may not be used to make deci- sions concerning the rights, benefits or privileges of specific indi- viduals; (iii) matches performed by a source agency in which no records are matched outside the source agency, unless the records involve a comparison of the source agency's personnel or payroll records with the records of a Federal benefit program administered by the agency; (iv) matches performed by an agency or component which performs as its principal function any activity pertaining to the enforcement of criminal laws, subsequent to the initiation of a specific law enforcement investigation for the purpose of gathering vidence against named individuals; (v) matches of tax informatio pursuant to section 6103(d) of the Internal Revenue Code of 1986; and (vi) matches performed to produce background checks for secu- rity clearances of federal personnel. "Recipient agency" means any agency, or contractor th cei jug records contained in a system of records from a source ency for use in a matching program. "Non-Federal entity" means any State or local government, or agency thereof, partnership, corporation, association, or public or private organization receiving records contained in a system of records from a source agency for use in a matching program; . "Source agency" means any agency or any State or local govern- ment, or agency thereof, which discloses records contained in a system of records to be used in a matching program; "Federal benefit program" means any- program administered by the Federal Government, or any agent thereof, providing cash or in-kind assistance in the form of payments, grants, loans, or loan guarantees to individuals. "Federal personnel" means officers and employees of the Govern- ment of the United States, members of the uniformed services (in- cluding members of the Reserve Components), individuals entitled to receive immediate or deferred retirement benefits under any re- tirement program of the Government of the United States (includ- ing survivor benefits). VI. ESTIMATED COST OF LEGISLATION U.S. CONGRESS, CONGRESSIONAL BUDGET OFFICE, Washington, DC, September 12, 1988. Hon. JOHN GLENN, Chairman, Committee on Governmental Affairs, US. Senate, Washington, DC. DEAR MR. CHAIRMAN: The Congressional Budget Office has re- vised its cost estimate for S. 496, the Computer Matching and Pri- vacy Protection Act of 1987, as passed by the Senate, May 21, 1987. This estimate supersedes our previous estimate dated August 5, 1988. Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 27 Based on information provided by the Department of Health and Human Services (HHS), the Department of Defense and a Member of other agencies, CBO estimates that enacting this legislation would result in costs to the federal government of up to $2 million during the first year after enactment, and less than $1 million an- nually thereafter. S. 496 would establish procedures to regulate the use of computer matching by federal agencies or by nonfederal agencies with feder- al records. These procedures would include preparing matching agreements with agencies when sharing data, providing the right to appeal to individuals affected by information obtained in a match, and establishing data integrity boards to oversee matching activities. Most of the costs associated with the act would result from pre- paring matching agreements required by section 2 of the act. Al- though agencies currently have agreements covering some match- ing activities, S. 496 would require more extensive agreements, and would require them for all matches. The agreements would specify the purpose and legal authority of the match, the methodology to be used, and expected results; they would also include notification and verification procedures for indivivals affected by a match. The magnitude of the first-year costs is difficult to predict. If ex- isting matching agreements would satisfy the requirements of the act, then there would be little additional cost to the government. However, if the existing agreements would need substantial addi- tional work, CBO estimates that costs would be around $1 million during the first year after enactment. Costs in future years would be much lower, because the agreements would probably need only minor updating. Another potential cost associated with enacting S. 496 would be establishing data integrity boards required by Section 4. These boards would oversee an agency's matching activities, and would review the matching agreements required by Section 2. Many agen- cies already have some type of formal or informal group similar to a data integrity board. Nevertheless, because many agencies would probably devote more time to these activities, there would be some additional cost to the government, probably less than $1 million an- nually. Section 4 would also require agencies to prepare cost/benefit analyses for all proposed matches, which would be reviewed by the data integrity boards. Preparing these analyses would probably result in some additional costs, but they would also discourage agencies from attempting some matches that would not be cost ef- fective. CBO expects that these two effects would probably offset each other and, therefore, would result in no significant costs or savings to the government. CBO does not expect other sections of S. 496 to have a significant effect on the federal budget. These sections would, among other things, require federal agencies to publish in the Federal Register notice of matching programs with nonfederal entities and exempt matches formed for statistical or law enforcement purposes from the act's requirements. Estimated Cost to State and Local Governments.?CBO expects that enacting S. 496 would require state and local agencies in- Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 28 volved in computer matching with federal agencies to adopt some new procedures to comply with the verification and notification re- quirements of the act, and to expand matching agreements with federal agencies. Based on information provided by the American Public Welfare Association and the National Association of State Information Systems, CBO estimates that the costs associated with these activities would not be significant. Previous CBO Estimate.?On August 5, 1988, CBO prepared an estimate for this bill. That earlier analysis discussed the potential budget impact that would result if programs in the Office of Child Support Enforcement at the Department of Health and Human Services (HHS) were covered by this bill. New information provided by HHS indicates that report language accompanying the bill is sufficient to establish that these programs are not covered. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Michael Sieverts, who can be reached at 226-2860. Sincerely, JAMES L. BLUM, Acting Director. VII. EVALUATION OF REGULATORY IMPACT Pursuant to the requirements of paragraph 11(b) of Rule XXVI of the Standing Rules of the Senate, the Committee has considered the regulatory and paperwork impact of S. 496, the Computer Matching and Privacy Protection Act of 1987. S. 496, as reported, requires federal agencies participating in computer matching programs, as defined by the bill, to enter into written matching agreements prior to disclosing records for such matching programs. The bill also establishes Data Integrity Boards, within agencies participating in matching programs, to oversee and coordinate implementation of S. 496. Finally, the bill establishes procedural safeguards for individuals whose records are matched in programs covered by the Act. While the bill requires Federal agencies to enter into matching agreements prior to conducting or participating in matching pro- grams covered by the bill, and requires agencies to establish proce- dures to verify information obtained from computer matching pro- grams, the Committee does not believe that this will result in any additional regulatory impact on individuals whose records are used in computer matching programs covered by S. 496, since such indi- viduals already would be subject to the rules and regulations gov- erning the Federal benefit programs involved in the matching pro- gram. The Committee believes that this bill will enhance the per- sonal privacy rights of individuals whose records are exchanged in matching programs, since S. 496 establishes procedural safeguards on the disclosures of records for computer matching purposes. The Committee does not foresee any significant paperwork impact re- sulting from this legislation. VIII. CHANGES IN EXISTING LAW In compliance with paragraph 12 of rule XXVI of the Standard Rules of the Senate, changes in existing law made by the bill, as Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 29 reported, are shown as follows (existing law proposed to be omitted is enclosed in black brackets, new matter is printed in italic, exist- ing law in which no change is proposed is shown in roman): TITLE 5, UNITED STATES CODE PART I?THE AGENCIES GENERALLY CHAPTER 5?ADMINISTRATIVE PROCEDURE SUBCHAPTER II?ADMINISTRATIVE PROCEDURE ?552a. Records maintained on individuals (a) DEFINITIONS.?For purposes of this section? (1) * * * (6) the term "statistical record" means a record in a system of records maintained for statistical research or reporting pur- poses only and not used in whole or in part in making any de- termination about an identifiable individual, except as provi- died by section 8 of title 12; [and] (7) the term "routine use' means, with respect to the disclo- sure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected(.]; (8) the term "matching program"? (A) means any computerized comparison of? (i) two or more automated systems of records of a system of records with non-Federal records for the pur- pose of? (I) establishing or verifying the eligibility of or continuing compliance with statutory and regula- tory requirements, by applicants, recipients, benefi- ciaries, or participants for, or providers of services with respect to, financial assistance or payments under Federal benefit programs, or (II) recouping payments or delinquent debts under such Federal benefit programs, or (ii) two or more automated Federal personnel or pay- roll systems of records or a system of Federal personnel or payroll records with a set of non-Federal records, (B) but does not include? (i) matches performed to produce aggregate statistical data without any personal identifiers; (ii) matches performed to support any research or sta- tistical project, the specific 'data of which cannot be used to make decisions concerning the rights, benefits, or privileges of specific individuals; Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 CIA-RDP91B00390R000300210006-8 30 (iii) matches performed by a source agency in which no records are matched outside such source agency or any component thereof unless those matches involve a comparison of the source agency's personnel or payroll records with the records of a Federal benefit program administered by that agency; (iv) matches performed subsequent to the initiation of a specific law enforcement investigation by an agency or component thereof which performs as its principal function any activity pertaining to the en- forcement of criminal laws, for the purpose of gather- ing evidence for a prospective law enforcement proceed- ing against named individuals; (v) matches of tax information pursuant to section 6103(d) of the Internal Revenue Code of 1986; or (vi) matches performed to produce background checks for security clearance of Federal personnel; (9) the term "recipient agency" means any agency, or contrac- tor thereof receiving records contained in a system of records from a source agency for use in a matching program; ? (10) the term "non-Federal entity" means any State or local government, or agency thereof partnership, corporation, associa- tion, or public or private organization receiving records con- tained in a system of records from a source agency for use in a matching program; (11) the term "source agency" means any agency or any State or local government, or agency thereof which discloses records contained in a system of records to be used in a matching pro- gram; (12) the term "Federal benefit program" means any program administered by the Federal Government, or any agent thereof providing cash or in-kind assistance in the form of payments, grants, loans, or loan guarantees to individuals; and (13) the term "Federal personnel" means officers and employ- ees of the Government of the United States, members of the uni- formed services (including members of the Reserve Components), individuals entitled to receive immediate or deferred retirement benefits under any retirement program of the Government of the United States (including survivor benefits). *? - * (b) CONDITIONS OF DISCLOSURE.?No agency shall disclose any record which is contained in a system of records by any means of communications to any person, or to another agency, except pursu- ant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be? (1) * * * * * * * * (11) pursuant to the order of a court of competent jurisdic- tion;[or] (12) to a consumer reporting agency in accordance with sec- tion 3711(f) of title 31(.]; or Declassified in Part - Sanitized Copy Approved for Release 2013/04/18 CIA-RDP91B00390R000300210006-8 ? Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 31 (13) to a recipient agency or non-Federal matching entity pur- suant to a written matching agreement under subsection (o) of this section. (e) AGENCY REQUIREMENTS.?Each agency that maintains a system of records shall? (1) * * * (10) establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in sub- stantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained; (and] (11) at least 30 days prior to publication of information under paragraph 4(D) of this subection, publish in the Federal Regis- ter notice of any new use or intended use of the information in the system, and provide an opportunity for interested persons to submit written data, views, or arguments to the agency []; and (12) if such agency is a recipient agency or a source agency in a matching progam with a non-Federal matching entity, with respect to any establishment or revision of a matching program, at least 30 days prior to conducting such program, publish in the Federal Register notice of such establishment or revision. (b) REPORT TO CONGRESS AND OFFICE OF MANAGEMENT AND BUDGET.? (1) IN GENERAL.?Subsection (r) of section 552a of title 5, United States Code, as redesignated by section 2(b)(1) of this Act, is amended by striking out "system of records "and insert- ing in lieu thereof "system of records or matching program". (2) CLERICAL AMENDMENT.?The heading of such subsection (r) is amended by inserting "or Programs" after "Systems". (0) MATCHING AGREEMENTS.?Prior to disclosing any record which is contained in a system of records to a recipient agency or non-Fed- eral matching entity for use in a computer matching program, a source agency and the recipient agency or non-Federal matching entity shall enter into a written agreement specifying? (1) the justification, purpose and legal authority for conduct- ing the program; (2) a description of the records that will be matched, includ- ing each data element that will be used, the approximate number of records that will be matched, and the projected start- ing and completion dates of the matching program; (3) procedures for notifying upon application and periodically thereafter? (A) applicants for and recipients of financial assistance or payments under Federal benefit programs, and (B) applicants for and holders of positions as Federal per- sonnel, that any information provided by such applicants, recipients, and holders may be subject to verification through matching programs; Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 32 (4) procedures for verifying information produced in such matching program as required by subsection (p); (5) procedures for retention and destruction of records created by such matching program; (6') procedures for ensuring the administrative, technical, and physical security-of the records matched and the results of such programs; (7) prohibitions on duplication and redisclosure of records provided by the source agency within or outside the recipient agency or the non-Federal matching entity, unless authorized by the source agency-with the terms of the authorization; (8) procedures governing the use of the records provided by the source agency for use in a matching program including proce- dures governing return to the source agency or destruction of the records used in such prorgam; and (8) procedures governing the use of the records provided by the source -agency for use in a matching program including proce- dures governing return to the source agency or destruction of the records used in such program; and (9) information on assessments that have been made on the accuracy of the records that will be used in such matching pro- gram. (p) VERIFICATION AND OPPORTUNITY TO CONTEST FINDINGS.?(1) In order to protect any individual whose records are used in match- ing programs, no recipient agency, non-Federal matching entity, or source agency may suspend, terminate, reduce, or make a final denial of any financial assistance under a' Federal benefit program to such individual, or take other adverse action against such indi- vidual as a result of information produced by such matching pro- grams, until such agency or entity has independently verified such information. Subject to the requirements of this subsection, such in- dependent verification may be satisfied by verification requirements governing such Federal benefit program. (2) Independent verification required by paragraph (1) shall in- clude verification of? (A) the amount of the asset or income involved, (B) whether such individual actually has or had access to such asset or income for such individual's own use, and (C) the period or periods when the individual actually had such asset or income. (3) No recipient agency, non-Federal matching entity, or source agency may suspend, terminate, reduce, or make a final denial of any assistance under a Federal benefit program to any individual described in paragraph (1), or take other adverse action against such individual as a result of information produced by a matching pro- gram, until such individual has been notified by such agency or entity of its findings and has been given an opportunity to contest such findings. Such opportunity may be satisfied by notice, hearing, and appeal rights governing such Federal benefit program. (q) SANCTIONS.?Notwithstanding any other provison of law, no source agency may disclose any record which is contained in a system of records to a recipient agency or non-Federal matching entity for a matching program if such source agency has reason to believe that the requirements of subsection (p) and any matching Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 33 agreement entered into pursuant to subsection (o) are not being met by such recipient agency or entity. ((o)3 (r) REPORT ON NEW SYSTEMS.?Each agency shall provide adequate advance notice to Congress and the Office of Management and Budget of any proposal to establish or alter any system of records in order to permit an evaluation of the probable or poten- tial effect of such proposal on the privacy and other personal or property rights of individuals or the disclosure of information relat- ing to such individuals, and its effect on the preservation of the constitutional principles of federalism and separation of powers. Up)] (s) ANNUAL REPORT.?The President shall annually submit to the Speaker of the House of Representatives and the President pro tempore of the Senate a report? (1) describing the actions of the Director of the Office of Management and Budget pursuant to section 6 of the Privacy Act of 1974 during the preceding year; (2) describing the exercise of individual rights of access and amendment under this section during such year; (3) identifying changes in or additions to systems of records; (4) containing such other information concerning administra- tion of this section as may be necessary or useful to the Con- gress in reviewing the effectiveness of this section in carrying out the purposes of the Privacy Act of 1974. [(q)] (t)(1) EFFECT OF OTHER LAWS.?No agency shall rely on any exemption contained in section 552 of this title to withhold from an individual any record which is otherwise accessible to such individ- ual under the provisions of this section. (2) No agency shall rely on any exemption in this section to with- hold from an individual any record which is otherwise accessible to such individual under the provisions of section 551 of this title. (U) DATA INTEGRITY B0ARDS.-(1) Every agency conducting or par- ticipating in a matching program shall establish a Data Integrity Board to oversee and coordinate among the various components of such agency the agency's implementation of this section. (2) Each Data Integrity Board shall consist of senior officials des- ignated by the head of the agency, including any senior official des- ignated by the head of the agency as responsible for implementation of this section, and the inspector general of the agency, if any. The inspector general shall not serve as a chairman of the Data Integri- ty Board. (3) Each Data Integrity Board shall perform the following func- tion: (A) review, approve, and maintain all written agreements for receipt or disclosure of agency records for matching programs to ensure compliance with subsection (o), and all relevant statutes, regulations, and guidelines; (B) review all matching programs in which the agency has participated during the year, either as a source agency or recipi- ent agency, determine compliance with applicable laws, regula- tions, and agency agreements, and assess the cost-benefits of such programs; (C) review all recurring matching programs in which the agency has participated during the year, either as a source agency or recipient agency, for continued justification for such Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8 34 disclosures and for compliance with applicable laws, regula- tions, and agency agreements, and assess the cost-benefits of such programs; (D) compile an annual report to the head of the agency and the Office of Management and Budget on the matching activi- ties of the agency, including? (i) matching programs in which the agency has partici- pated as a source agency or recipient agency; (ii) matching agreements proposed under subsection (o) that were disapproved by the Board; and (iii) the matching of records as a source agency or recipi- ent agency under programs not covered by this section or described in subparagraphs (A) through (E) of subsection (a)(8); (E) serve as a clearinghouse for receiving and providing infor- mation on the accuracy, completeness, and reliability of records used in matching programs; (F) provide interpretation and guidance to agency components and personnel on the requirements of this section with respect to matching programs; (G) review agency recordkeeping and disposal policies and practices with regard to matching programs to assure compli- ance with this section; and (H) review and coordinate privacy training programs for the agency's personnel. (4) Each Data Integrity Board shall maintain such staff as neces- sary to carry out its functions specified by this subsection. Such staff shall include persons designated by the head of the agency as responsible for implementation of this section. (5) The Director of the Office of Management and Budget shall annually consolidate in a report to the Congress the information contained in the reports from the various Data Integrity Boards under paragraph (3)(D). 0 Declassified in Part - Sanitized Copy Approved for Release 2013/04/18: CIA-RDP91B00390R000300210006-8