Introduction

Federal agencies collect a significant amount of data about individuals' current and past circumstances. This information includes tax filings, mailing address, domestic and international travel, military enlistment, Medicare history, permits applied for, and federal financial assistance received, among other data. The executive branch has collected data on nearly every American in support of its various operations and services.

Congress has long recognized that privacy is directly affected and placed at risk when agencies collect and use data on individuals.¹ Computers and information technologies greatly increase the amount of data that can be collected, stored, and processed while also enabling innovative uses of that data. Computers make it easier to exchange, share, and match data on individuals across programmatic and agency boundaries. Congress acknowledged the threat computers pose to individual privacy when it passed the Privacy Act of 1974 (Privacy Act).²

Since at least in the 1970s, federal agencies have been sharing and matching data on individuals. One of the first well-known uses of a federal agency matching data was in 1977 for "Project Match."³ The then-Department of Health, Education, and Welfare compared federal payroll records with records on recipients of the then-Aid to Families with Dependent Children program to find federal personnel who were receiving improper payments.⁴

In 1988, the House Committee on Government Operations⁵ observed that the Office of Management and Budget's (OMB's) interpretations of the Privacy Act's disclosure restrictions had permitted disclosures to support computer matching.⁶ The committee stated that it was "not aware of any computer match that could not be conducted because of Privacy Act disclosure rules."

Over many Congresses, various statutes have required agencies to exchange and match data on individuals for a specific purpose, such as determining eligibility for a federal benefit program.⁷

The Computer Matching and Privacy Protection Act of 1988⁸ (CMPPA) establishes procedures for agencies when they disclose and match data on individuals for certain purposes. These purposes are for determining eligibility for federal benefit programs, recouping payments and debts under those programs, and comparing records of federal personnel.⁹ Computer matching conducted for these purposes is called a matching program.

Matching programs are used throughout the executive branch of the federal government. For example, in 2022, the Department of Justice (DOJ) and Internal Revenue Service (IRS) established a matching program so that DOJ could locate people who owe debts to the United States. Specifically, DOJ sends to the IRS the names and Social Security numbers (SSNs) of people who owe debts. The IRS then provides the mailing addresses of those people to DOJ so that DOJ can locate those debtors, initiate litigation, and enforce debt collection.¹⁰

This report provides an overview of the CMPPA and discusses its key statutory requirements for matching programs and how matching program has been interpreted and implemented by OMB and various executive agencies. This overview of the CMPPA leads to a discussion of issues for Congress and explores where it might consider modifying the CMPPA specifically and the use of data matching in the executive branch more generally.

What Is the Computer Matching and Privacy Protection Act (CMPPA)?

The CMPPA provides the requirements and processes by which agencies may, for certain purposes, conduct computer matching involving individuals' data. The act emerged from several congressional concerns at the time that the administrative controls and oversight of agency matching were inadequate and that the due process rights of individuals were not adequately protected from adverse actions stemming from inaccurate information.¹¹ Additionally, the extent of computer matching in the executive branch was unknown, partly because the practice itself was not clearly defined.¹²

The CMPPA amended provisions originally enacted by the Privacy Act. Thus, implementation of the CMPPA operates within the Privacy Act's statutory framework. The CMPPA, like the Privacy Act, concerns records of U.S. citizens or permanent legal residents.¹³ A record generally includes personal identifiers as well as other characteristics that can be ascribed to individuals. Records are contained within a system of records, which is generally understood as a group of records under an agency's control.¹⁴

According to a report by the Office of Technology Assessment (OTA) in 1986, computers and data communication technology increased the exchange of records in ways that could not be envisioned when the Privacy Act was passed in 1974,¹⁵ including, for example, locating student loan defaulters who were federal government employees and using federal tax information to evaluate a Medicaid claim to be paid to a physician.¹⁶ OTA argued in its 1986 report that "agency use of new electronic technologies in processing [individual] information has eroded the protections of the Privacy Act of 1974."¹⁷

The CMPPA does not define computer matching or matching per se and instead defines matching program (see text box, "Defining Matching Program").¹⁸ In the simplest terms, a matching program involves the computerized comparison of records from two or more automated systems for determining eligibility for federal benefits or using the information of federal personnel, including payroll information. The act, as its name implies, is specifically concerned with computers comparing data and does not apply to matches that are done manually.¹⁹

Notably, the CMPPA does not independently authorize matching or create a new authority for agencies to match records. Instead, the CMPPA establishes requirements, processes, and institutional roles for matching authorized by other laws.

The CMPPA establishes a number of requirements for agencies conducting matching programs. These requirements include the execution of written matching agreements between the agencies involved in a specific matching program.²² Agencies must also conduct cost-benefit analyses of matching programs²³ and document specific estimates of savings in matching agreements.²⁴

Additionally, the CMPPA requires that each federal agency that conducts or participates in a matching program must establish a Data Integrity Board, which is to approve and oversee such programs.²⁵ The act also requires individuals to be notified of the use of their information in a matching program²⁶ and given the opportunity to contest the accuracy of the information.²⁷

The act prescribes certain roles and responsibilities to federal agencies involved in matching programs based on whether they receive records or are the source of such records. For the purposes of the CMPPA and this report, a federal agency includes any executive department or establishment in the executive branch.²⁸ The CMPPA also identifies and establishes some requirements for nonfederal agencies—defined as a state or local government, or an agency thereof, that receives records contained in a system of records from a federal source agency.²⁹

Congressional Interest in Data Matching

Congress has focused on the CMPPA because of the role it plays for people seeking assistance from federal government programs and in relation to the integrity of federal programs.

For example, the House Committee on Ways and Means held a hearing in the 112^th Congress on the use of data matching to improve customer service, program integrity, and taxpayer savings, including the ways the CMPPA complicates the ability of agencies to share and match data.³⁰ The chair of the committee said

As often happens in the government, Washington, D.C. is the lagging indicator with legislation versus where technology in the rest of the country is. The Computer Matching and Privacy Protection Act of 1988 went into action at a time that we lived in a different technology world, with different methods of sharing information…. And realistically, when we look at this, and trying to tie this information together … that matching done right, in an integrated fashion, will free capacity to manage by exception, instead of having to spend an inordinate amount of time…. We have disconnected processes, and that can't be fixed in the current data environment. And we have many of our citizens, many frustrated agency workers that are trying to be good stewards of the taxpayers' money that lose this in process.³¹

Congress has grappled with the CMPPA's provisions in drafting new legislation. For example, in the 117^th Congress, H.R. 7275 would require data exchanges and the sharing of claims and payment data to detect and prevent duplicate medical payments. While the bill would require the Secretary of Veterans Affairs, the Secretary of Defense, and the administrator of the Centers for Medicare & Medicaid Services to enter into a data matching agreement, the bill specifically does not require such an agreement to comply with the CMPPA's requirement for matching agreements. Also introduced in the 117^th Congress, H.R. 8416 would exempt from the CMPPA an information sharing system that would "facilitate the administration of the universal application for federal disaster assistance" and "detect, prevent, and investigate waste, fraud, abuse, or discrimination in the administration of disaster assistance programs."

The CMPPA arguably helps facilitate other laws and their implementation, such as benefits administration. In other cases, however, it may be seen as complicating implementation of legislation. For example, the Fraud Reduction and Data Analytics Act of 2015 (P.L. 114-186) required OMB to develop guidelines for agencies to (1) establish financial and administrative controls to identify and assess fraud risk and (2) design and implement control activities that would prevent, detect, and respond to fraud.³² The act further required OMB to base these guidelines on the Government Accountability Office's (GAO's) "Framework for Managing Fraud Risks in Federal Programs."³³ GAO's framework includes data matching and combining data across programs and from separate databases, if legally permissible, to facilitate reporting and analytics.³⁴ However, GAO noted in its framework that agencies cited the CMPPA as a hindrance to detecting fraud.³⁵

The Payment Integrity Information Act of 2019 (P.L. 116-117) superseded the Fraud Reduction and Data Analytics Act. The Payment Integrity Information Act permits the head of each executive agency to enter into matching agreements with other agencies to allow for ongoing automated data matching to detect and prevent improper payments.³⁶ The law also allows matching agreements to terminate in three years (or less) and to be extended for up to three years.³⁷ For a discussion of matching agreements, see "Matching Agreements" within this report.

Defining Matching for the Purposes of the CMPPA

The concept of computer matching and the statutory definition of matching program are separate and distinct. The CMPPA does not define computer matching as the activity to be regulated. Rather, the CMPPA defines what constitutes a matching program and is thus subject to the act's requirements. While computer matching may invoke various methods and have various applications, the scope of the CMPPA is limited to what the statute has defined as a matching program.

The separation between computer matching and a matching program, however, creates ambiguity as to whether certain methods of computer matching are consistent with the statutory definition of matching program, including how OMB has interpreted the definition of matching program. According to a 2014 GAO report, ambiguity in the definition affects consistent implementation of the act across agencies and creates confusion among agencies as to what types of computer matching activities are covered by the CMPPA:³⁸

Varying agency interpretations of the scope of the act are partially due to unclear guidance from OMB on this subject. OMB's 1989 matching guidance includes examples of front-end verification programs that are covered by the act, but none of OMB's guidance documents indicate specifically whether queries are subject to the act.³⁹

Scoping Computer Matching and Methods for How Records Are Compared

When considering the CMPPA bill introduced in the House (H.R. 4699), the Committee on Government Operations characterized computer matching as "the computerized comparison of records" for specific purposes.⁴⁰ The committee then discussed two methods for computer matching—"classic computer matching" and "front end verification."

Classic computer matching "involves all the records in one record system with all the records in a second system."⁴¹ All records are reviewed without selection or specific targeting.⁴² Front-end verification is more narrowly focused on "comparing a single record with the contents of separate record system."⁴³ The committee noted the lack of federal guidelines and statutory and administrative controls for front-end verification.⁴⁴

The Committee on Governmental Affairs⁴⁵ did not describe methods for computer matching in its report on the Senate's CMPPA bill (S. 496) but described computer matching as the "computer-assisted comparison of two or more automated lists or files to identify inconsistencies or irregularities among the lists or files."⁴⁶ The committee included "so-called front-end eligibility verification matches" as one of the categories of computer matches that would meet the definition of matching program.⁴⁷ The committee reported the following:

Unlike current OMB guidelines which do not apply to front-end eligibility verification or to matching programs that do not compare a substantial number of records, checks on specific individuals to verify data … are subject to the bill.⁴⁸

As part of its role in implementing the Privacy Act, OMB issued guidance in 1979 on matching programs and revised guidance in 1982.⁴⁹ The 1979 guidance stated that matching programs do not include checks on specific individuals to verify information.⁵⁰ The 1982 guidance maintained that matching programs do not include checks on specific individuals when done within a certain time frame.⁵¹

A CMPPA bill (S. 2756) introduced in the 99^th Congress, identified "front-end eligibility verification programs" as a specific method of matching subject to the requirements for matching programs. S. 2756 defined front-end verification programs as "the certification of accuracy of information supplied by an applicant for federal financial assistance by matching such information against a computerized data base." However, the CMPPA bills introduced in the 100^th Congress did not use nor define front-end eligibility verification programs. For more discussion on the legislative history of the CMPPA, see Appendix A of this report.

While the provisions of law enacted by the CMPPA do not reference either classic computer matching or front-end verification, the terms have been used in committee reports, the guidance issued by OMB, and review by GAO of OMB guidance and agency implementation. This suggests these terms are relevant to how agencies conduct matching programs.

Methods of Computer Matching: Classic Computer Matching and Front-End Verification

Classic Computer Matching

The House Committee on Government Operations described "classic computer matching" as comparing many individual or organizational records from two or more separate databases.⁵² These records may be matched on name, SSN, address, government contract number, or other identifiers.⁵³ When the identification criterion for one record matches the same identification criterion in another record, this is called "a match."⁵⁴

Classic computer matching may be used to identify people enrolled in two programs, such as all federal employees who receive a particular benefit under a federal benefit program.⁵⁵ It may also be used to identify and compare records that have a particular characteristic, such as to compare federal program beneficiaries' records with financial records to identify financial assets in excess of a certain, specified amount.⁵⁶

Front-End Verification

In "front-end verification," matching is the technique of comparing information provided by a single program applicant with data in other federal government files or with data in a separate record system.⁵⁷ This method of computer matching usually occurs at a very early stage—or the front-end—of a longer application process for benefits, assistance, or employment. Front-end verification acts as an initial filter for determining eligibility by verifying information provided by an applicant.⁵⁸ It may affect whether an individual can proceed to the next stage of the application process and have the application further considered.

Matching Programs: Computer Matching for Specific Purposes

The CMPPA defines matching program as any computerized comparison of two or more automated systems of records or a system of records with nonfederal records for one of the purposes defined in the CMPPA.⁵⁹ Specifically, the CMPPA covers how agencies conduct matching programs related to (1) federal benefit program administration and (2) the use of federal personnel and payroll records.⁶⁰

Administration of Federal Benefit Programs

The CMPPA covers computerized comparisons that are used for verifying or establishing the eligibility of applicants for federal benefit programs, including those that provide cash, in-kind assistance, and payments.⁶¹ These matching programs include those that determine the ongoing eligibility of a current benefit program participant, such as confirming compliance with program-specific statutory or regulatory requirements.

Computerized comparisons that are for the purpose of recouping of payments and debts made under benefit programs are also covered by the CMPPA as matching programs.⁶²

Using Federal Personnel and Payroll Records

The CMPPA also covers computerized comparisons of automated federal personnel or payroll records.⁶³ Whereas the CMPPA states the particular purposes under which a matching program can be used in benefit program administration, there is no direct reference to a particular purpose with respect to federal personnel or payroll records.

In its report on the CMPPA, the Senate Committee on Governmental Affairs noted the risk involved in matches of federal personnel or payroll records:

[H]istorically, many matching programs have involved the records of federal employees or federal retirees…. Because the files on these individuals are most readily available to agencies for use in matching programs, concerns have been raised that these individuals are "captives" of matching programs and could, unless protected, be most vulnerable to breaches of privacy in matching programs.⁶⁴

OMB Guidance on Matching Programs Covered by the CMPPA

The CMPPA requires OMB to issue guidance to agencies on implementing the law.⁶⁵ OMB's Final Guidance Interpreting the Provisions of P.L. 100-503, the Computer Matching and Privacy Protection Act of 1988 discusses the definition of matching program to include federal personnel or payroll matches and federal benefit matches.⁶⁶

Of federal personnel or payroll matches, OMB states that matches must be done for reasons other than routine administrative purposes for the CMPPA to cover it as a matching program.⁶⁷ Furthermore, OMB characterizes these matching programs to include "matches whose purpose is to take any adverse financial, personnel, disciplinary, or other adverse action against federal personnel."⁶⁸

Four Elements of Matching Programs Involving Federal Benefit Programs

OMB's guidance includes four elements within its characterization of a "federal benefits matching program:" (1) the computerized comparison of data, (2) categories of subjects covered, (3) types of programs covered, and (4) matching purpose. According to OMB, all four elements must be present to be a matching program covered by the CMPPA.⁶⁹

Computerized Comparison of Data

In its guidance, OMB states that to be considered a matching program, the activity must involve a computerized comparison and records from two or more automated systems of records or from an agency's automated system of records and automated records maintained by a nonfederal agency (i.e., an agency or agent of state or local government).⁷⁰ OMB provides three examples of computerized comparisons of data.⁷¹

• 1. A state government employee accesses an automated federal system of records and enters data received from an applicant that is maintained in an automated form by the state government. The state employee matches this data with the federal information, makes an eligibility determination, and updates the state's database.
• 2. A state government employee enters data about applicants for a federal benefit program into an automated database. At the end of the week, the state government sends current applicant "tapes" to a federal agency, which matches the data with information in its automated system of records.⁷² The federal agency reports results from the match to the state.
• 3. A federal agency operating a benefits program sends a tape with the information of defaulters to the Office of Personnel Management (OPM) to match against an OPM automated system of records that contains information about federal retirees in order to locate defaulters.

OMB also addresses whether information received orally from an applicant by a state employee and entered into a federal system of records constitutes a matching program.⁷³ OMB believed that the state government would likely create and maintain a record using information it had received orally and entered into a federal system of records and, therefore, would be covered by the CMPPA.⁷⁴

OMB's guidance does not directly mention or include front-end verification in its discussion of the computerized comparison of data or its definition of matching program. However, front-end eligibility verification programs is a term used by OMB in the context of one of the law's requirements for providing notice to individuals that their records may be used in a matching program.⁷⁵

Categories of Subjects

OMB's guidance also describes three categories of subjects that are part of the definition of matching program and thus covered by the CMPPA: (1) applicants for federal benefit programs (i.e., applicants initially applying for a benefits program); (2) program beneficiaries (i.e., program participants who currently receive or formerly received benefits); and (3) providers of services that support federal benefit programs (i.e., those that derive income from a program but are not its primary beneficiaries).⁷⁶

Types of Federal Benefit Programs

OMB defines matching program to cover federal benefit programs that provide cash or in-kind assistance to individuals.⁷⁷ For the purposes of the CMPPA, in-kind assistance includes payments, grants, loans, or loan guarantees.⁷⁸ Any program that does not involve cash or in-kind assistance does not meet the definition of matching program and is not covered by the CMPPA.⁷⁹

OMB also clarifies in its guidance that the benefit program has to be using records of citizens or of aliens lawfully admitted for permanent residence for the matching to be subject to the CMPPA.⁸⁰

Matching Purpose

OMB's guidance includes the purpose of matches as an element of matching programs involving federal benefits. The CMPPA defines these purposes: to establish or verify eligibility for a federal benefits program, verify compliance with a program's statutory or regulatory requirements, and recoup payments and debts under such benefit programs.⁸¹

OMB goes further, however, and states that should any element be missing—for example, a matching purpose—then such matching would not be a matching program and would therefore not be covered by the CMPPA.⁸²

OMB provides an example of two agencies—the Department of Education and the Department of Veterans Affairs—matching information of student loan recipients and education benefit recipients. The purpose of the match is to maintain current addresses for these program beneficiaries. Because the match is not for a purpose defined by the CMPPA, it is not a matching program.⁸³

GAO's 2014 Report on Agency Interpretations of Matching Programs

There is a lack of consistency across agencies in their interpretation of what constitutes a matching program,⁸⁴ which ultimately affects compliance. OMB, as part of its guidance interpreting the CMPPA, warned agencies against "engaging in activities intended to frustrate the normal application of the act."⁸⁵ OMB also states that it is "extremely concerned that agencies not adopt data exchange practices that deliberately avoid the reach of the act where compliance would otherwise be required."⁸⁶

According to a 2014 report, GAO found that three of the seven agencies it reviewed had narrow understandings of the scope of matching program.⁸⁷ Officials at these three agencies had interpreted that compliance with the CMPPA was required only when matching programs involved an entire system of records against another database,⁸⁸ similar to the "classic computer matching" method. For example, some agencies believed that the act did not apply to matching of a single record, single-record queries of systems of records, or front-end verification even if such matching was for one of the purposes defined by the CMPPA.⁸⁹ Conversely, GAO found that another three of the seven agencies it reviewed considered front-end verification or front-end queries to require compliance with the CMPPA.⁹⁰ GAO stated that

varying agency interpretations of the scope of the act are partially due to unclear guidance from OMB on this subject. OMB's 1989 matching guidance includes examples of front-end verification programs that are covered by the act, but none of OMB's guidance documents indicate specifically whether queries are subject to the act…. Without clear guidance on the scope of the act, agencies are likely to continue to interpret what the act covers in varying ways, and its privacy protections are likely to continue to be inconsistently applied.⁹¹

Defining Parties to a Matching Program

A matching program involves two or more federal agencies or a federal agency and a state or local government or an agency thereof.⁹² The CMPPA accounts for the different roles an agency plays by defining recipient agency and source agency.⁹³

A recipient agency receives information contained in a system of records from a source agency.⁹⁴ A source agency discloses information to a recipient agency.⁹⁵ A recipient agency may disclose information that it matches back to the source agency.⁹⁶

A source agency is either a (1) federal executive branch agency or (2) a state or local government, including an agency thereof.⁹⁷ A recipient agency is a federal agency or one of its contractors. The CMPPA does not specifically name nonfederal agencies (i.e., state or local governments) in the definition of recipient agency. Certain federal benefit programs, however, may address circumstances when a nonfederal agency receives records disclosed to it by a federal agency.

State and Local Governments as Recipients of Federal Data

Existing statutes may imply that a state or local government can be the recipient of records from a federal agency, even if nonfederal governments are not specifically included in the definition of recipient agency enacted by the CMPPA.

The definition of nonfederal agency in the CMPPA references state and local governments receiving records from a federal agency for a matching program. As defined by the CMPPA, nonfederal agency means any state or local government, or agency thereof, that receives records contained in a system of records from a federal source agency for use in a matching program.⁹⁸

For example, the Food and Nutrition Service (FNS) within the U.S. Department of Agriculture published a notice in the Federal Register of a matching program between FNS and the state agencies that administer the Supplemental Nutrition Assistance Program (SNAP).⁹⁹ The matching notice indicates that state agencies are able to access a national database—the Electronic Disqualified Recipient System (eDRS)—maintained by FNS to determine whether an applicant for SNAP has been disqualified from receiving SNAP benefits in any state because of an intentional program violation (IPV).¹⁰⁰ FNS previously published a rule requiring each state agency to (1) report to eDRS information on individuals disqualified from SNAP because of an IPV and (2) access eDRS to check for disqualifications.¹⁰¹

According to a set of matching notices published in the Federal Register, the Federal Communications Commission, via the Universal Service Administrative Company, sends information on Emergency Broadband Benefit Program (EBBP) applicants to certain state agencies, including, at a minimum, names, birth dates, and the last four digits of SSNs.¹⁰² These state government agencies then match that information to their SNAP and Medicaid recipient records to confirm eligibility for the EBBP.

Key Statutory Requirements for Matching Programs

Matching Agreements

Generally, the CMPPA requires a written matching agreement between a source agency and a recipient agency prior to the disclosure and matching of records.¹⁰³ The law also prescribes the information that must be included in a matching agreement.¹⁰⁴ Among other details, matching agreements are to include

• the justification for the program and the anticipated results, including a specific estimate of any savings;
• a description of the records that will be matched, including each data element to be used, the approximate number of records that will be matched, and the anticipated start and completion dates of the matching program (see Table B-1 for examples);
• procedures for providing notice to an individual that information provided may be subject to verification through a matching program; and
• procedures for verifying information produced in a matching program.¹⁰⁵

A matching agreement is not effective until 30 days after a copy has been sent to the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Reform.¹⁰⁶ For more information on the roles committees play in receiving information on matching programs, see "Reporting from Agencies to OMB and Congress" within this report.

Matching agreements are valid for an initial 18-month period.¹⁰⁷ Within three months of the expiration of the initial agreement, the agreement may be renewed for one additional year if the matching program will be conducted without any change.¹⁰⁸

Matching agreements are also to be made available to the public.¹⁰⁹ In OMB's Circular No. A-108, "Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act," each agency with one or more matching programs is to list and provide links to up-to-date matching agreements for all active matching programs on the agency's Privacy Act website.¹¹⁰

Data Integrity Boards

An agency that conducts a matching program—either as a source or recipient agency—must establish a Data Integrity Board (DIB).¹¹¹ Nonfederal agencies are not required to establish DIBs.¹¹²

An agency's DIB approves or declines a proposed matching program and executes matching agreements. Among other responsibilities under the CMPPA, the board is to assess cost-benefit analyses of matching programs and review on an annual basis any existing matching programs in which the agency participates to assess the continued justification for the agency's participation.¹¹³ The board is to compile an annual report describing the agency's matching activities and submit the report to OMB and the head of the agency.¹¹⁴

The CMPPA directs the head of the agency participating in a matching program to appoint certain senior officials within the agency to the DIB. Each DIB must include any senior official within the agency responsible for implementation of the Privacy Act and the inspector general (IG) if the agency has an IG.¹¹⁵ The IG, however, cannot chair the board.¹¹⁶ OMB recommends that the agency Privacy Act officer be secretary of the board.¹¹⁷ OMB also suggests that much of the board's work, except for the approval of matching agreements, can be delegated to less senior members.¹¹⁸ Agencies must report changes to the board's membership in the annual report compiled by the DIB.¹¹⁹

Table 1 shows examples of the variation in DIB membership composition across three agencies, including variation in the number of board members and in titles and roles represented on the board. One of the examples is of an agency where a member of the board—the chief privacy officer—has designated members to the board.¹²⁰

Cost-Benefit Analyses

The House Committee on Government Operations in 1988 noted in its report accompanying H.R. 4699 that proponents of computer matching believed it yielded savings to the federal government through reductions in fraud, waste, and abuse in benefit programs.¹²¹

The committee thought that computer matching should be permitted only if a benefit to the government could be demonstrated.¹²² It stated that "the cost effectiveness of computer matching has yet to be clearly demonstrated. This is the conclusion that can be drawn from recent studies by GAO and OTA."¹²³ The committee, however, citing a GAO report, saw value in cost-benefit analyses for determining the cost effectiveness of matching programs.¹²⁴

The CMPPA generally requires an agency to assess the costs and benefits of a proposed matching program before approving a matching agreement.¹²⁵ These cost-benefit analyses are to demonstrate that the computer matching is likely to be cost effective in order for the matching agreement to receive approval.¹²⁶ Matching agreements are to include the specific estimate of savings.¹²⁷

In its guidance, OMB advises that a recipient agency conduct the cost-benefit analysis for a proposed matching program and share the results with the source agency to aid in the source agency's decisionmaking to participate in the matching program.¹²⁸

While a matching agreement is to include specific estimates of any savings, OMB's guidance cautions against literal interpretations of the cost-effectiveness requirement. In an example, OMB says that the first year of a matching program may yield a highly favorable benefit-to-cost ratio, but the ratio may be less favorable in subsequent years because its deterrent effect on fraud, for example, is no longer as dramatic.¹²⁹ OMB also advises agencies to consider the costs of not conducting a matching program when estimating costs and benefits.¹³⁰

Waiving the Cost-Benefit Analysis Requirement

The CMPPA's requirement to assess costs and benefits can be waived under one of two circumstances:

• 1. The DIB determines that, in accordance with guidance issued by OMB, a cost-benefit analysis is not required; or
• 2. An existing statute requires a matching program.¹³¹

In the latter scenario, a cost-benefit analysis is to be performed upon the expiration of the initial 18-month matching agreement and before the DIB approves a renewal of the agreement.¹³² Furthermore, according to OMB's guidance, cost-benefit analyses of matching programs required by statute do not need to demonstrate a financial savings or suggest cost-effectiveness, but the analysis must be done nevertheless to extend the matching program for one year.¹³³

Cost-Benefit Analysis Methods

The CMPPA does not specify the elements to be considered in a cost-benefit analysis of a matching program but rather directs OMB to develop guidance to agencies on implementation.¹³⁴ OMB's guidance suggests agencies consult the 1986 GAO report "Computer Matching: Assessing its Costs and Benefits" to inform their cost-benefit analyses.¹³⁵ GAO's cost-benefit methodology includes estimating two key costs (personnel and computer costs) and two key benefits: (1) avoidance of future improper payments and (2) recovery of improper payments and debts.¹³⁶

In its 2014 report, GAO found that most matching agreements for the agencies GAO examined did not assess the key elements included in GAO's 1986 methodology report.¹³⁷ In its guidance, OMB stated that it would develop "a checklist providing a step-by-step methodology for accomplishing benefit-cost analysis,"¹³⁸ but it appears to GAO that no such checklist has been made available to agencies.¹³⁹

Table 2 provides an illustration of the reported savings, costs, and cost-benefit ratios reported in the matching agreements of some matching programs. In these examples, some agreements report only costs or only savings. Without both costs and savings, it is difficult to ascertain the financials of matching programs. Even where matching is required by law, missing information in matching agreements on costs and savings is consequential for understanding the economics of matching that Congress required in statute.

Notifying Individuals of the Use of Their Information in a Matching Program

A source agency must obtain an individual's consent as a condition of disclosing that individual's records to a recipient agency in a matching program.¹⁴⁰ The agency disclosing records can either (1) obtain written consent directly from the individual or (2) use an exception to consent as permitted in Title 5, Section 552a(b), of the U.S. Code.¹⁴¹

The CMPPA requires that matching agreements include procedures for providing individualized notice at the time of application, and periodic notice thereafter, to (1) applicants for and recipients of financial assistance or payments under federal benefit programs and (2) applicants for and holders of positions as federal personnel.¹⁴²

OMB identifies two ways an agency can provide notice to individuals: direct notice and constructive notice.¹⁴³

Direct Notice

OMB describes direct notice as when there is some form of contact between the government and the individual.¹⁴⁴ It may include information provided on an application form. For "front-end eligibility verification programs," OMB suggests that agencies enlarge the statement on an application form that is required by Title 5, Section 552a(e)(3), to notify individuals that the information they provide is subject to matching.¹⁴⁵

Providers of services should also be given notice on the form they use to apply for reimbursement for the services they provide.¹⁴⁶

After an initial notice to an individual at the time of application, the CMPPA requires periodic notice as directed by the DIB and subject to OMB guidance.¹⁴⁷ The act does not define periodic or impose any specific timing requirements. OMB's guidance to agencies is that periodic notice should be provided whenever the application is renewed, or at least while the match is authorized, and that such periodic notice should accompany the benefit.¹⁴⁸

Constructive Notice

Another way of providing notice to individuals is through constructive notice. This type of notice includes notices that are published in the Federal Register. The CMPPA requires a recipient agency to publish a notice in the Federal Register of a matching program 30 days prior to starting such program.¹⁴⁹ OMB's Circular No. A-108 indicates that if a nonfederal agency is the recipient agency, then the federal agency providing the records (i.e., the source agency) is required to publish the notice.¹⁵⁰

OMB stipulates that such constructive notice for a matching program might be necessary in "emergency situations where health and safety reasons argue for a swift completion of a match," in cases where the matching program is to locate a person, or in other situations where it is not possible to provide direct notice to individuals.¹⁵¹

Notice to an individual of a matching program is effectively constructive when an agency relies on one of the Privacy Act's statutory exceptions to written consent, because the recipient agency is still required to publish notice of a matching program in the Federal Register.

For example, notice procedures are detailed in the matching agreement between the Small Business Administration (SBA) and the Department of Homeland Security (DHS).¹⁵² The agreement specifies that each agency has published a system of records notice¹⁵³ in the Federal Register that notifies applicants and recipients of the respective programs that their information may be subject to verification through a matching program.¹⁵⁴ Additionally, the agreement states that for SBA recipients specifically, several of SBA's application forms provide notice to applicants that information may be disclosed under a routine use¹⁵⁵ published in the system of records notice.¹⁵⁶

Verifying the Accuracy of Information Produced in Matching Programs

The CMPPA requires agencies to independently verify the accuracy of information produced in a matching program prior to suspending, terminating, reducing, or making a final denial of any assistance or payment to an individual.¹⁵⁷ When first passed in 1988, the CMPPA provided that no agency was to take adverse action against an individual whose records are matched in a matching program without first independently verifying any information that was produced by the matching program and used as a basis for the adverse action.¹⁵⁸ This requirement was amended in 1990 to add a role for an agency's DIB and to resolve conflicts that stemmed from existing laws governing federal benefit programs.¹⁵⁹

The 1990 amendment to the CMPPA allows either for an agency to independently verify information, as before, or for the DIB of the recipient agency to waive the requirement.¹⁶⁰ As the statute stands today, the DIB can waive the independent verification requirement if (1) it determines that the information used as the basis for an adverse decision against an individual is specific to the information identifying the individual (e.g., name, address, an identification number) and to the amount of benefits paid to the individual by the source agency;¹⁶¹ and (2) it has a "high degree of confidence" in the accuracy of the information received from the source agency that is used in the match.¹⁶²

On the amended verification requirement, the House Committee on Government Operations reported

The purpose of the independent verification requirement is to assure that the rights of individuals are not affected automatically by computers without human involvement and without taking reasonable steps to determine that the information relied upon is accurate, complete, and timely. No one should be denied any right, benefit, or privilege simply because his or her name was identified in a match as a "raw hit." There can be no general presumption that information obtained from a computer is necessarily correct.¹⁶³

Some matching programs may still use independent verification procedures despite the waiver provision enacted by Congress in 1990. For example, HHS provides access to new hire and quarterly wage information from the National Directory of New Hires (NDNH) to the state agencies that administer the unemployment compensation program.¹⁶⁴ The matching agreement between HHS and the state agency includes the following condition:

[T]he state agency understands that information obtained from the NDNH is not conclusive evidence of the address and employment information of an identified individual and must, in accordance with 5 U.S.C. §552a(p)(2), independently verify the NDNH information before taking adverse action to deny, reduce, or terminate benefits.¹⁶⁵

OMB's Guidance on Verification Procedures

Congress instructed OMB to issue guidance on implementing the 1990 amendment on verification procedures.¹⁶⁶ OMB published proposed guidance in the Federal Register and sought comments, including on the types of evidence that may permit a DIB to reach a "high degree of confidence" in the accuracy of data produced in a matching program.¹⁶⁷ No guidance in final form was subsequently published, but OMB provides a link to the proposed guidance on its Information and Regulatory Affairs webpage with privacy guidance, suggesting that the proposed guidance is, at least, the prevailing guidance to agencies.¹⁶⁸

Providing Individuals with an Opportunity to Contest Information Used Against Them

The CMPPA also requires an agency to provide notice to an individual if its findings from a matching program will result in denying, terminating, suspending, or reducing any financial assistance or payment to that individual under a federal benefit program.¹⁶⁹ Additionally, individuals are allowed time to contest such findings.¹⁷⁰

When the CMPPA was first passed, it required all federal benefit programs to allow 30 days for individuals to respond to notices.¹⁷¹ However, some programs at the time were operating under statutes or regulations that permitted fewer than 30 days.¹⁷² The 1990 amendment to the CMPPA allowed the notice period to vary with program-specific statutes and regulations.¹⁷³ Thus, how much time an individual has to respond depends on whether statute or regulation for the specific benefit program establishes a time period to respond or, if no such statute or regulation exists, within 30 days of receiving notice.¹⁷⁴

Reporting

The CMPPA included several reporting mechanisms that have changed over the years through various congressional actions.

Reporting from OMB to Congress

Congress included in the CMPPA a requirement for OMB to report to Congress.¹⁷⁵ This reporting was to consolidate the reports that DIBs submitted to OMB and, specifically, was to include details on the cost-benefit analyses of matching programs, including the waiver of those analyses by DIBs.¹⁷⁶

In addition, OMB is to biennially report to Congress more broadly on the implementation and administration of the Privacy Act, including the CMPPA.¹⁷⁷ This reporting requirement, however, effectively ceased when Congress passed the Federal Reports Elimination and Sunset Act of 1995 (P.L. 104-66) and the Federal Reports Elimination Act of 1998 (P.L. 105-362).¹⁷⁸

Reporting from Agencies to OMB and Congress

Some reporting on matching programs is still required, however, including the annual report by an agency's DIB to the head of the agency and to OMB.¹⁷⁹

In addition, an agency is to report proposals for new, re-established, or significantly modified matching programs to OMB, the House Committee on Oversight and Reform, and the Senate Committee on Homeland Security and Governmental Affairs in order to permit an evaluation of the probable or potential effect of the proposal on the privacy or other rights of individuals.¹⁸⁰ Potentially significant modifications include those that (1) change the purpose of the program, (2) change the authority to conduct the matching program, (3) expand the types or categories or significantly increase the number of records being matched, (4) expand the categories of individuals whose records are being matched, and (5) change the source or recipient agencies.¹⁸¹

OMB clarifies in Circular No. A-108 that submitting notice of a new or significantly modified matching program to OMB and Congress occurs prior to public notice in the Federal Register and, furthermore, that OMB will have 30 days to review the new or modified matching program.¹⁸² As a result, a new matching program cannot begin for at least 60 days following the approval of the matching agreement by the DIBs at the source and recipient agencies.¹⁸³

When an agency plans to re-establish a matching program, including plans approved by the agency's DIB to renew a matching program for one-year beyond the expiration of the current matching agreement, it is to provide at least 60 days of advance notice to OMB and Congress.¹⁸⁴

Exceptions to the CMPPA's Coverage

Several uses of computer matching are excepted from the CMPPA's requirements. While some of these exceptions were included in the law when it was first passed in 1988, others represent amendments passed in the years since.

Matches that are excepted may be arranged into six different categories. Broadly, the categories include (1) research and statistics; (2) matching with no adverse impact to federal employees; (3) law enforcement, security, and intelligence; (4) administration of taxes, levies, and certain savings programs; (5) inspectors general and fraud, waste, and abuse; and (6) selected matches by SSA involving incarcerated and other justice-system-involved individuals.

Research and Statistics

The CMPPA does not cover matching for research and statistics. This includes

• producing aggregate statistical data without any personal identifiers¹⁸⁵ and
• when the specific data involved are not used to make decisions concerning the rights, benefits, or privileges of specific individuals.¹⁸⁶

Matching with No Adverse Impact to Federal Employees

Matching that does not have an adverse impact on federal personnel is also excepted.¹⁸⁷ This exception includes matches that

• relate to federal personnel and are conducted for routine administrative purposes as per OMB guidance¹⁸⁸ or
• use only records from systems of records maintained by that agency if the purpose of the match is not to take any adverse financial, personnel, disciplinary, or other action against federal personnel.¹⁸⁹

Law Enforcement, Security, and Intelligence

Several types of matching done for the purpose of law enforcement and security are also excepted. These matches include those that

• investigate a person that has been specifically identified and named for the purpose of gathering evidence against such person as part of an investigation if the investigation is performed by an agency or a component of an agency with a principal function of criminal law enforcement,¹⁹⁰
• assist foreign counterintelligence,¹⁹¹ or
• produce background checks for security clearances of federal personnel or the personnel of a federal contractor.¹⁹²

Administration of Taxes, Levies, and Certain Savings Programs

The CMPPA, when originally passed in 1988, included several tax-related matches that were excluded from the definition of matching program. In the years since, Congress has expanded upon the types of tax-related matches excluded from the purposes of the CMPPA.¹⁹³ These matches include those that

• are for the purposes of tax administration, including the management and application of internal revenue laws or related statutes, as well as the development of tax policy;¹⁹⁴
• enable allowable disclosures, including to state tax agencies, to administer state tax laws or to locate an individual who may be entitled to a refund;¹⁹⁵
• intercept a tax refund due to an individual¹⁹⁶ or for any other tax refund intercept program that is authorized by statute that OMB determines to have verification, notice, and hearing requirements that are substantially similar to those required for state income and eligibility verification systems under the Social Security Act, as amended;¹⁹⁷
• are conducted incidental to the collection of an unpaid government payment,¹⁹⁸ or
• are conducted pursuant to a qualified Achieving a Better Life Experience program.¹⁹⁹

Inspectors General and Fraud, Waste, and Abuse

Matches that IGs may use as part of their fraud, waste, and abuse prevention and investigation activities are not matching programs for the purposes of the CMPPA. Specifically, this includes matches that are

• conducted by an IG for an audit, investigation, inspection, evaluation, or other review authorized under the Inspector General Act of 1978, as amended;²⁰⁰ or
• conducted by the Secretary or IG of HHS with respect to potential fraud, waste, and abuse.²⁰¹

Selected Matches by SSA Involving Incarcerated and Other Justice-System-Involved Individuals

Some matches SSA may perform are excepted from the CMPPA. Specifically, these are matches where

• any federal or state agency makes available to the SSA the names and SSNs of any individuals who are confined in jails, prisons, or other penal institutions following conviction of a criminal offense, are confined by court order because of certain types of verdicts or court findings, or meet certain other related criteria,²⁰² or
• the SSA seeks on a monthly basis from a state or local correctional facility—including jails and prisons, or similar institutions that confine individuals—the names, SSNs, and other specific information of any individuals confined in those facilities.²⁰³

Issues for Congress

OTA concluded in 1986 that information technology capabilities and uses had changed so dramatically since the Privacy Act of 1974 that they eroded the privacy protections of the law.²⁰⁴ Such dramatic changes in information technology and its uses also characterize the 30-plus years since the CMPPA went into effect.

Agencies in the executive branch have conducted computer matching since at least the 1970s. Congress devoted particular attention to computer matching through the 1970s and late 1980s, which ultimately resulted in the CMPPA.

In the decades since, there have been minimal updates to OMB guidance on CMPPA implementation and a decrease in the number of hearings by Congress that specifically examine matching programs. Yet agencies continue to actively implement the law. Congress continues to view data matching as a policy option for reducing fraud and improper payments, and agencies continue to rely upon matching programs to comply with various laws.²⁰⁵

Congress might assess whether there are opportunities to improve computer matching in government operations and management. Matching program oversight by Congress may aid implementation of the CMPPA. There are a number of areas Congress may want to contemplate and some possible directions for future oversight or legislation. These areas are (1) clarifying the scope of the CMPPA, (2) developing an accurate accounting of matching programs, (3) ensuring sufficient and contemporaneous OMB guidance, and (4) assessing regulation and oversight of data matching.

Clarifying the Scope of the CMPPA

Congressional committees provided some definition of specific methods of computer matching when the CMPPA was first considered (see in this report, "Defining Matching for the Purposes of the CMPPA"). However, the law itself does not provide information on the computer matching methods that are within the purview of the CMPPA, such as single-record or many-record comparisons.

Separate analyses by OTA and GAO found definitional issues with matching programs since as early as the 1980s and as late as the 2010s.²⁰⁶ While the statutory definition of matching program includes the words any computerized comparison, the absence of methods that meet the definition permits agencies to derive their own interpretations of what types of methods are covered by the CMPPA. The result is that some agencies' activities may potentially avoid the reach of the CMPPA.²⁰⁷

The lack of a consistent understanding across executive agencies of the types of matching methods subject to the CMPPA's provisions leaves questions about what protections are afforded to individuals in cases where an agency believes its matching methods to be outside of the scope of the CMPPA.

Congress could amend the statute to define matching methods or provide language that makes clear the number of records in a computerized comparison to constitute a matching program. OMB could also update its guidance to clarify the scope of methods and enforce compliance accordingly.

Developing an Accurate Accounting of Matching Programs

It is challenging to determine the number of matching programs that are being conducted at any given time. The House Committee on Government Operations recognized the need to establish administrative controls for matching programs, in part, because of the difficulty in ascertaining their prevalence.²⁰⁸

There is no accessible database or cataloging of current active matching programs. This makes it difficult to determine the number of matching programs, including the number of individual records that are disclosed for matching programs. As illustrated in Appendix B, some matching programs involve the use of millions of individual records. Congress may want to establish requirements for a centralized database of matching programs.

Although OMB directs agencies to maintain webpages that include information on their matching agreements and public notices of matching programs, there is no enforcement mechanism of the requirement. This leaves the public dependent on each agency to maintain webpages with current information. For example, the Department of Education updated its matching agreements webpage in October 2022 and lists one matching program in operation.²⁰⁹ Yet the department published notice in the Federal Register in August 2021 of a matching program to begin in September 2021 that would continue for 18 months, putting it in operation until March 2023.²¹⁰ Requirements for Federal Register notices assume public knowledge about the Federal Register and, arguably, assumes that the public frequently and easily peruses it for notices that may pertain to them.

Congress may consider establishing a deadline for when information about matching programs is posted on agency websites. There are laws that provide general requirements for federal websites,²¹¹ but there is wide variation across agencies in the frequency of website updates. Congress may also consider how to monitor compliance and provide effective enforcement of timeliness.

The reporting requirement for the Privacy Act and CMPPA was terminated by the Federal Reports Elimination and Sunset Act of 1995. This eliminated reporting on the number of matching programs and their purposes through OMB's reports to Congress.²¹² Congress may wish to reinstate this requirement for OMB, or establish it for an agency such as GAO, to gain an accurate accounting of matching programs that could assist in the management and oversight of such matching programs across the federal government.

Ensuring Sufficient and Contemporaneous OMB Guidance

Congress directed OMB to issue guidance to agencies²¹³ and provide continuing assistance and oversight of the CMPPA's implementation.²¹⁴

OMB issued guidance to agencies in 1989 subsequent to the passage of the CMPPA.²¹⁵ At that time, OMB commented, "Although the following guidance is published in final form, OMB realizes that the implementation of this complex act will undoubtedly require the issuance of additional and clarifying guidance and intends to monitor the agencies' implementation closely to that end."²¹⁶

As part of its report on implementation of the CMPPA, GAO made four recommendations to OMB,²¹⁷ three of which were not implemented, including a recommendation to revise guidance and clarify requirements. According to GAO, "In August 2017, OMB stated that it does not intend to address the recommendation [to revise its guidance] because it believes that the current guidance is sufficient."²¹⁸

In December 2016, OMB updated Circular No. A-108, "Federal Agency Responsibilities for Review, Reporting, and Publication Under the Privacy Act,"²¹⁹ including information to agencies on when agency DIBs should submit their annual reports to OMB, where to email them, and instructions to post the reports on the agencies' websites.²²⁰

Congress may consider examining OMB's guidance, including whether revised guidance is needed, whether the guidance meets the current data and information technology environment and opportunities, and how revised guidance may improve the ongoing implementation of the CMPPA.

GAO reported that OMB has provided little assistance to agencies and that OMB assistance has been inconsistent.²²¹ Congress may want to investigate what OMB has learned in the decades it has spent providing assistance and oversight of implementation of the CMPPA.

Assessing Regulation and Oversight of Data Matching

Several types of matching are excepted from the CMPPA. Little is known, however, about how frequently or how much of this excepted matching is conducted by federal agencies.

OMB and Congress are, by statute, required to receive notice of matching programs to permit the evaluation of the potential effects of such programs on individual privacy or other rights.²²² However, there is no oversight mechanism designated to evaluate the impacts of matching that is excepted from the CMPPA, no centralized reporting on the matching that qualifies as an exception, and few government-wide administrative controls for such matching excepted from the CMPPA. Congress could consider oversight hearings to determine if current controls and mechanisms are effective for the several types of matching conducted outside of the CMPPA's scope.

Because the definition of source agency in the CMPPA limits the purview of the law to government agencies, some agencies that match individual information with nongovernment data sources may do so with varying degrees of privacy protections in place. The CMPPA's rules of construction specifically provide that "nothing in the amendments made by this act shall be construed to authorize the disclosure of records for computer matching except to a Federal, State, or local agency."²²³ The Senate's original CMPPA bill, however, included nonfederal entity—defined as a state or local government or an agency thereof, partnership, corporation, association, or public or private organization—as a party to matching programs,²²⁴ indicating that regulation of matching programs between agencies and nongovernment entities was a consideration before being removed from the scope of the bill by the House.²²⁵ Congress may wish to consider oversight mechanisms for when agencies match data with nongovernment data sources.

GAO conducted a review in 2016 on the use of commercial data services to help agencies identify fraud and improper payments.²²⁶ GAO noted a comment from OMB that agencies must consider relevant provisions of the CMPPA when using commercial data to conduct program integrity activities.²²⁷ But the CMPPA's rules of construction and definitions for recipient agency and source agency limit disclosures for matching programs to federal, state, and local governments.

The House Committee on the Judiciary held hearings in July 2022 on federal law enforcement's purchase of personal data from LexisNexis, a private corporation.²²⁸ More than 30 years before these hearings, the Senate Committee on Governmental Affairs warned that matching programs used by law enforcement, "if uncontrolled, can too easily become 'fishing expeditions' to find information about individuals when there is no suspicion of wrongdoing, risking violation of the Fourth Amendment."²²⁹ Congress may wish to extend CMPPA's controls and procedures to federal law enforcement's use of data compiled by private corporations.

Agencies may differ in the protections they afford to individuals against erroneous or adverse decisions that depend on data from nongovernment sources. Congress may wish to evaluate the definitions of source agency and recipient agency in the CMPPA and consider including nongovernments as parties to matching programs.

The House Committee on Government Operations acknowledged the disjointed nature of federal law concerning privacy and matching in the late 1980s.²³⁰ The committee offered that the Privacy Act predates the computer matching era. The CMPPA predates the current era of information technology, "big data," data integration, and data analytics. Congress may want to consider assessing the executive branch's matching of data on individuals and may look to consider exceptions to the CMPPA specifically as part of this oversight.

Appendix A. Computer Matching Prior to the CMPPA

The concept of data matching predates the 1980s and the rapid growth of data matching in the executive branch. An academic article published in 1959 discussed the "automatic linking" of vital records and how computers, such as the "Datatron," could be used to bring together "two or more separately recorded pieces of information concerning a particular individual or family."²³¹

Matching data on individuals directly impacts their privacy. The CMPPA amended Title 5, Section 552a, of the U.S. Code, which codifies the Privacy Act. While the Privacy Act is generally concerned with the unauthorized disclosure of information collected by agencies on individuals, the law does allow the disclosure of individual information under 12 exceptions.²³² One of these exceptions is routine use.²³³

The routine use exception allows for information to be disclosed—or, in practice, shared—"for a purpose which is compatible with the purpose for which it was collected."²³⁴ Prior to the passage of the CMPPA, a House Committee on Government Operations report stated

The legality of some disclosures that are necessary to support computer matching has been questioned since 1977. A primary question revolves around the "routine use" provision of the Privacy Act. Where records are disclosed by one agency to another for use in matching, the normal legal authority for the disclosure comes from a routine use.²³⁵

Historically, the exchange and matching of records between federal agencies had been primarily for the prevention and reduction of fraud, waste, and abuse.²³⁶ The first major computer matching program created by the federal government was reportedly Project Match in 1977.²³⁷ It was created to support the detection of improper benefit payments to federal employees by comparing records from the Department of Health, Education, and Welfare with records from wage reporting systems in 18 states, the District of Columbia, and a handful of major localities.²³⁸

Congress passed several laws in the years prior to the CMPPA that specifically permitted the sharing and comparing of individual information from systems of records maintained by agencies.²³⁹ According to OTA, these laws included

• The Tax Reform Act of 1976 (P.L. 94-455), which allowed the Secretary of the Treasury to disclose information from the IRS to federal, state, and local child support agencies to establish and collect child support obligations and locate individuals who owe such obligations;
• The Debt Collection Act of 1982 (P.L. 97-365), which allowed an agency to disclose to a consumer reporting agency a record that indicates that an individual is responsible for repayment of a claim the agency is attempting to collect; and
• The Deficit Reduction Act of 1984 (P.L. 98-369), which established that every state that administers certain Social Security Act programs must have an income and eligibility verification system that uses wage, income, and other information from the Social Security Administration and IRS and that verifies immigration status with the then-Immigration and Naturalization Service if the applicant for a program is not a citizen or U.S. national.²⁴⁰

According to OTA, even the Paperwork Reduction Act of 1980 (PRA; P.L. 96-511) was perceived at the time to encourage information sharing and potential matching between agencies in lieu of information collections to the extent such activities were permissible under other provisions of law.²⁴¹ The PRA enacted Title 44, Section 3510, of the U.S. Code, which authorizes the director of OMB to direct or allow an agency to make available to another agency, or an agency may make available to another agency, information obtained pursuant to an information collection if the disclosure is not inconsistent with any applicable law.

In their respective reports on the PRA, both the House Committee on Government Operations and the Senate Committee on Governmental Affairs indicated that they expected information sharing to be inconsistent with applicable law only if the applicable law specifically prohibited the sharing of information between agencies or the disclosure to anyone outside of the agency.²⁴² The committees did not perceive a prohibition on disclosure to the public to flatly prohibit sharing information with another agency.

OMB Guidance to Agencies on Matching Programs in 1979 and 1982

1979 Guidance

In 1979, OMB supported implementation of the Privacy Act by publishing guidelines for federal agencies on conducting matching programs.²⁴³ The guidelines were largely seen as being procedural and addressed some of the legal questions surrounding matching programs.²⁴⁴ Some observers believed that the guidelines created bureaucratic obstacles that deterred some activities.²⁴⁵

The 1979 guidelines directed executive agencies to conduct cost-benefit analyses using specific considerations, including any potential harm caused to individuals, before conducting a matching program.²⁴⁶

Additionally, an agency was to submit to the director of OMB, the Speaker of the House, and the President of the Senate a report that contained certain information on the matching program, such as the source agency, how the privacy and other rights of individuals would be protected, and the safeguards that would prevent unauthorized access to individuals' personal information.²⁴⁷ The guidelines also differentiated reporting requirements for antifraud matching programs from matching programs conducted for other purposes.²⁴⁸

The 1979 guidelines also specified that matching programs should be conducted "in house" rather than by a contractor.²⁴⁹

1982 Guidance

OMB revised the guidelines in 1982 based on comments from the President's Council on Integrity and Efficiency.²⁵⁰ According to the House Committee on Operations, OMB issued the revised guidelines without a public comment period.²⁵¹

The revised guidelines no longer distinguished between antifraud and other matching programs and excluded from the definition of matching program matches that did not compare a "substantial" number of records.²⁵²

OMB also required a written agreement between agencies involved in a matching program.²⁵³ The agreement was to prescribe the conditions under which the data from one agency could be used by another agency.

OMB continued to advise agencies to use their own employees instead of contractors.²⁵⁴ Where this was impractical, the guidelines offered some procedures for using contractors, including requirements that the contract include a clause about complying with the Privacy Act.²⁵⁵

Additionally, the 1982 guidelines replaced any reporting provided to OMB and Congress under the 1979 guidelines with publication in the Federal Register.²⁵⁶

Congressional Hearings and Reports

A Senate committee held hearings in December 1982 titled, "Oversight of Computer Matching to Detect Fraud and Mismanagement in Government Programs."²⁵⁷

Subsequent House hearings were held in June 1983 on Privacy Act oversight that also raised various issues with matching programs and the routine use exception.²⁵⁸ For example, the former counsel to the Subcommittee on Intergovernmental Relations of the Senate Committee on Government Operations testified

I think we needed to do something to clarify the routine use exception. Everyone recognized at the time of the adoption of the [Privacy Act] that you could not have a blanket prohibition on the exchange of information from one agency to another. The search for a solution resulted in the routine use provision.

The routine use provision, unfortunately, was probably a bad choice of words because it was created to allow exchanges of information that were compatible with the original purpose for which the material was collected, not routinely used by agencies, as it was more commonly interpreted.²⁵⁹

In 1983, the House Committee on Government Operations issued a report in which it noted that OMB's 1982 guidelines on matching programs "were revised and weakened in 1982"²⁶⁰ and "are significant to [the] review of OMB Privacy Act activities."²⁶¹

In 1984, Congress heard testimony on the sharing of tax records for matching purposes authorized under law.²⁶²

In the 99^th Congress, the CMPPA of 1986 was introduced in the Senate (S. 2756). The CMPPA of 1987 was introduced in the Senate in the 100^th Congress (S. 496)²⁶³ with some changes to the bill that had been introduced in the previous Congress.

The Senate passed S. 496 with an amendment in May 1987.²⁶⁴ A House version of the CMPPA (H.R. 4699) was introduced in May 1988 and passed the House in August 1988.²⁶⁵ The House substituted the language contained in H.R. 4699 for the Senate's language in S. 496 and passed S. 496.²⁶⁶

The Senate agreed to the House amendments to S. 496 with its own amendment,²⁶⁷ and the House concurred with the amended bill.²⁶⁸ The CMPPA was signed into law on October 18, 1988.

Appendix B. Information Disclosed and Data Matched in Matching Programs

Matching agreements are required to include specific information, including

• the purpose of and legal authority for the matching program;
• the justification for the matching program and the anticipated results, including specific estimates of any savings;
• a description of the records that will be matched, including each data element that will be used, the approximate number of records that will be matched, and the anticipated start and completion dates of the matching program;
• procedures for providing individualized notice at the time of application, and notice periodically thereafter, to applicants and recipients of federal benefit program assistance and to applicants for and holders of federal personnel positions that information provided may be subject to verification through matching programs;
• procedures for verifying information produced in matching programs;
• procedures for the retention and timely destruction of identifiable records created by a recipient agency or a nonfederal agency;
• procedures for ensuring the administrative, technical, and physical security of the records matched and the results of such matched records;
• prohibitions on duplication and redisclosure of records provided by the source agency within or outside the recipient agency or the nonfederal agency except where required by law or essential to the conduct of the matching program;
• procedures governing the use of records from a source agency by a recipient agency or nonfederal agency, including procedures for returning records to the source agency or destroying such records;
• information on accuracy assessments of records to be used in the matching program; and
• a notice that the Comptroller General may have access to all records of a recipient agency or a nonfederal agency that the Comptroller General deems necessary to monitor or verify compliance with the agreement.²⁶⁹

Table B-1 provides examples of some of the information contained in matching agreements for matching programs that were active in 2022, including any information that is subsequently disclosed by the recipient agency to the source agency and whether the disclosure is cited as using the routine use exception permitted by the Privacy Act.²⁷⁰