The Computer Matching and Privacy Protection Act of 1988, as Amended
7 hours 2 minutes
Hello, everyone welcome back to the class.
My name is Chris and I'm your instructor for cyber buries us Information privacy course.
I hope wherever you are across the globe,
that your days are sunny here in the state of Maryland we've had almost five days of raining.
No, it's a sad week for me. We lost our
beloved Scottish terrier magnus this week. And so, you know, the days have been a little bit more gray
and overcast, but you know, we're doing okay here
In less than 2.3. We're going to talk about the computer matching and Privacy Protection Act of 1988.
It was amended in uh
1990 really to uh really expand the due processes that were provided to individuals before, you know, federal government agencies participating in these matching programs, uh took adverse action against them.
We have several learning objectives. We're going to talk about the purpose of the computer matching and privacy protection act of 1988. As amended,
we're going to talk about in some of the requirements for these computer matching agreements.
We're gonna talk about the responsibilities of data integrity boards. And then we'll conclude with a discussion on uh the individuals due process rights.
So let's talk about the
Um Computer Matching and Privacy Protection Act of 1988.
We know it amends the Privacy Act of 1974. We know in 1974
we were in a paper based environment and now we had transitioned with the proliferated use of computers and information technologies
destroying information and databases.
And so what the computer matching and privacy protection act
of 1988 stated was that
for federal government agencies and the executive branch
that we're entering into these computer matching programs, they had to have a computer matching agreement. Or if you were doing it with a non federal agency,
an example of that would be for student loan defaults.
And so there is a computer matching program
between and an agreement between the Department of Education,
the Department of the Treasury and at the non federal level with the individual state controllers or revenue offices.
Let's see what happens is
the Department of Education.
Well, um, you know, look at matching information with individuals that are filing income taxes
over at the Department of Treasury.
And then that information is also matched within these agreements with
the individual State comptroller's Office is or Revenue offices.
And so this information is shared
so that they know that if an individual is going to receive a state or federal tax refund, that information can be matched with those individuals that have defaulted on student loans. And so those moneys themselves can be collected by the States and by the
IRS, over at Department of Treasury. And that information can be applied against
those are defaulted student loans.
You know, these written agreements have to be in writing,
you know, and they have different purposes. You know, they have to state the purpose and legal authority for conducting the program.
They have to talk about the justification for the program and its anticipated results.
You got to have a description of records and we're talking still again about records and system of records that will be matched.
You got to talk about the number approximated number of records that you're going to match and the projected starting and completion date of the matching programs.
You have to talk about the procedures for how you're going to provide individualized notice at the time of starting this process.
You can't start the process itself until like we talked about with the Sauron's that you've uh again
put notice in the Federal Register for 30 days like with the sword as you also have to give in a letter notify the Office of Management and Budget and the U. S. Congress about the computer matching agreement. This information is reported
uh annually also to uh um be
you know, another thing we use these computer matching agreements for is
to determine the eligibility for benefits.
To verify eligibility for benefits
or to recruit payments on benefits.
You know what the accesses. You must have a
data integrity board that's established by the agency's most senior um officials to oversee the program and ensure that its operating in accordance with the Computer matching and privacy Protection Act of 1988.
No, the act itself also requires that for those parties that are signatories of this agreement, that if one party believes that the other parties are not acting in accordance with the agreement and they can temporarily temporarily suspend or even cancelled the agreement
to such time that, you know, the
agencies themselves are in compliance
Now, these matching agreements can't be
In existence for longer than 18 months
and that's the response. We have the data integrity board to ensure that if there is a need to renew
The agreement and it does so within 33 months, I'm sorry. Prior to the expiration of the agreement,
We have rights privacy rights under the computer matching and Privacy Protection Act of 1988.
these agencies that are participating in these agreements
before they can reduce suspend or terminate any financial assistance to an individual
whose information is contained into these computer databases and are part of a computer matching
That they first had to verify the accuracy of the computerized data
using the matching program.
And then they also have to provide the individual
With 30 days notice so they can contest
the reduction suspension or termination of any financial assistance.
As always, we have a series of questions associated with each lesson.
Question when asked, what does the computer matching and Privacy Protection Act of 1988? Do
the appropriate answers or A. B. C. And D.
Question to ask which agencies can participate in a written computer matching agreement?
A. And B.
Uh And again, I gave you an example of how that process works.
Question three asked a written computer matching agreement must contain what following information
A. B. C. And D.
Are the appropriate answers.
There's also other information
that has to be talked about
in the written matching agreement
procedures for verifying information produced in the matching program, procedures for the retention and timely destruction of identifiable records created by one agency or non federal agency
that's participating in the matching program
procedures for ensuring the administrative, technical and physical security safeguards for protecting these records that are part of the matching program.
Question four asked agencies cannot reduce suspend and terminate financial assistant to an individual without first
A and B. Are the appropriate answers.
So in summary, the computer matching and Privacy Protection Act of 1988, amended in 1990,
regulates how federal agencies and the executive branch
can engage in computer matching programs with other federal agencies and or non federal agencies.
There is a requirement that these agencies must enter into a written agreement. We talked about some of the requirements of the content.
We talked about, we use these computer matching programs really to
establish eligibility for to verify eligibility for or to recruit payments on benefits.
We said that these participating agencies must have a data integrity board
that oversees and coordinates the program's operations.
And we said that the
Computer matching and Privacy Protection Act of 1988 provides individuals with uh due process protections to ensure that no adverse action is taken against them because the results of a computer matching program
without first verifying the accuracy of the computerized data, that's part of the matching program, and then also by providing them with
30 days notification so they can refute the findings themselves.
Penetration Testing and Ethical Hacking
To assess the strength of your organization’s cybersecurity posture, you need to gather information, perform ...
7 CEU/CPE Hours Available
Certificate of Completion Offered
Privacy Program Management
An effective Privacy Program protects you from liability associated with data disclosure and demonstrates to ...
4 CEU/CPE Hours Available
Certificate of Completion Offered