The Computer Matching and Privacy Protection Act of 1988, as Amended

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 2 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hello, everyone welcome back to the class.
00:04
My name is Chris and I'm your instructor for cyber buries us Information privacy course.
00:10
I hope wherever you are across the globe,
00:13
that your days are sunny here in the state of Maryland we've had almost five days of raining.
00:20
No, it's a sad week for me. We lost our
00:24
beloved Scottish terrier magnus this week. And so, you know, the days have been a little bit more gray
00:32
and overcast, but you know, we're doing okay here
00:37
In less than 2.3. We're going to talk about the computer matching and Privacy Protection Act of 1988.
00:44
It was amended in uh
00:48
1990 really to uh really expand the due processes that were provided to individuals before, you know, federal government agencies participating in these matching programs, uh took adverse action against them.
01:04
We have several learning objectives. We're going to talk about the purpose of the computer matching and privacy protection act of 1988. As amended,
01:14
we're going to talk about in some of the requirements for these computer matching agreements.
01:19
We're gonna talk about the responsibilities of data integrity boards. And then we'll conclude with a discussion on uh the individuals due process rights.
01:33
So let's talk about the
01:34
Um Computer Matching and Privacy Protection Act of 1988.
01:38
We know it amends the Privacy Act of 1974. We know in 1974
01:45
we were in a paper based environment and now we had transitioned with the proliferated use of computers and information technologies
01:56
destroying information and databases.
01:59
And so what the computer matching and privacy protection act
02:02
of 1988 stated was that
02:06
for federal government agencies and the executive branch
02:10
that we're entering into these computer matching programs, they had to have a computer matching agreement. Or if you were doing it with a non federal agency,
02:22
an example of that would be for student loan defaults.
02:25
And so there is a computer matching program
02:30
between and an agreement between the Department of Education,
02:35
the Department of the Treasury and at the non federal level with the individual state controllers or revenue offices.
02:43
Let's see what happens is
02:45
the Department of Education.
02:49
Well, um, you know, look at matching information with individuals that are filing income taxes
02:57
over at the Department of Treasury.
03:00
And then that information is also matched within these agreements with
03:05
the individual State comptroller's Office is or Revenue offices.
03:09
And so this information is shared
03:12
so that they know that if an individual is going to receive a state or federal tax refund, that information can be matched with those individuals that have defaulted on student loans. And so those moneys themselves can be collected by the States and by the
03:31
IRS, over at Department of Treasury. And that information can be applied against
03:36
those are defaulted student loans.
03:38
You know, these written agreements have to be in writing,
03:43
you know, and they have different purposes. You know, they have to state the purpose and legal authority for conducting the program.
03:50
They have to talk about the justification for the program and its anticipated results.
03:54
You got to have a description of records and we're talking still again about records and system of records that will be matched.
04:02
You got to talk about the number approximated number of records that you're going to match and the projected starting and completion date of the matching programs.
04:12
You have to talk about the procedures for how you're going to provide individualized notice at the time of starting this process.
04:19
You can't start the process itself until like we talked about with the Sauron's that you've uh again
04:27
put notice in the Federal Register for 30 days like with the sword as you also have to give in a letter notify the Office of Management and Budget and the U. S. Congress about the computer matching agreement. This information is reported
04:43
uh annually also to uh um be
04:47
now,
04:48
you know, another thing we use these computer matching agreements for is
04:53
to determine the eligibility for benefits.
04:58
To verify eligibility for benefits
05:01
or to recruit payments on benefits.
05:05
You know what the accesses. You must have a
05:10
data integrity board that's established by the agency's most senior um officials to oversee the program and ensure that its operating in accordance with the Computer matching and privacy Protection Act of 1988.
05:26
No, the act itself also requires that for those parties that are signatories of this agreement, that if one party believes that the other parties are not acting in accordance with the agreement and they can temporarily temporarily suspend or even cancelled the agreement
05:45
to such time that, you know, the
05:47
agencies themselves are in compliance
05:51
Now, these matching agreements can't be
05:55
In existence for longer than 18 months
05:58
and that's the response. We have the data integrity board to ensure that if there is a need to renew
06:04
The agreement and it does so within 33 months, I'm sorry. Prior to the expiration of the agreement,
06:13
We have rights privacy rights under the computer matching and Privacy Protection Act of 1988.
06:21
Such as
06:24
these agencies that are participating in these agreements
06:29
before they can reduce suspend or terminate any financial assistance to an individual
06:36
whose information is contained into these computer databases and are part of a computer matching
06:44
program.
06:46
That they first had to verify the accuracy of the computerized data
06:50
using the matching program.
06:53
And then they also have to provide the individual
06:57
With 30 days notice so they can contest
07:00
the reduction suspension or termination of any financial assistance.
07:10
As always, we have a series of questions associated with each lesson.
07:15
Question when asked, what does the computer matching and Privacy Protection Act of 1988? Do
07:25
the appropriate answers or A. B. C. And D.
07:30
Question to ask which agencies can participate in a written computer matching agreement?
07:39
A. And B.
07:41
Uh And again, I gave you an example of how that process works.
07:46
Question three asked a written computer matching agreement must contain what following information
07:59
A. B. C. And D.
08:01
Are the appropriate answers.
08:05
There's also other information
08:07
that has to be talked about
08:09
in the written matching agreement
08:13
procedures for verifying information produced in the matching program, procedures for the retention and timely destruction of identifiable records created by one agency or non federal agency
08:26
that's participating in the matching program
08:28
procedures for ensuring the administrative, technical and physical security safeguards for protecting these records that are part of the matching program.
08:39
Question four asked agencies cannot reduce suspend and terminate financial assistant to an individual without first
08:50
A and B. Are the appropriate answers.
08:56
So in summary, the computer matching and Privacy Protection Act of 1988, amended in 1990,
09:03
regulates how federal agencies and the executive branch
09:09
can engage in computer matching programs with other federal agencies and or non federal agencies.
09:16
There is a requirement that these agencies must enter into a written agreement. We talked about some of the requirements of the content.
09:24
We talked about, we use these computer matching programs really to
09:30
establish eligibility for to verify eligibility for or to recruit payments on benefits.
09:37
We said that these participating agencies must have a data integrity board
09:41
that oversees and coordinates the program's operations.
09:46
And we said that the
09:48
Computer matching and Privacy Protection Act of 1988 provides individuals with uh due process protections to ensure that no adverse action is taken against them because the results of a computer matching program
10:03
without first verifying the accuracy of the computerized data, that's part of the matching program, and then also by providing them with
10:13
30 days notification so they can refute the findings themselves.
Up Next