NASA OIG: Final Memorandum on NASA’s Implementation of the Privacy Provisions of the Electronic Government Act

Final Audit Report, “NASA’s Implementation of the Privacy Provisions of the Electronic Government Act” (Report No. IG-07-024; Assignment No. A-06-005-00)

On August 28, 2007, we issued the final report on our review of NASA’s implementation of Privacy Provisions of the Electronic Government Act of 2002 (E-Government Act). To determine NASA’s compliance with the E-Government Act Privacy Provisions, we focused on determining whether (1) NASA conducted privacy impact assessments (PIAs) for electronic information systems and collections and made the PIAs publicly available, (2) posted privacy policies on the Agency’s publicly accessible Web sites, and (3) translated privacy policies into a standardized machine-readable format. We found that NASA was in partial compliance with OMB guidance in that NASA had conducted PIAs for electronic information systems and collections and made PIAs publicly available on its Web site. However, privacy policies were not posted on 20 percent of NASA’s publicly accessible Web sites and not translated into a standardized machine- readable format on 75 percent of those sites. As a result, NASA could not be assured that privacy risks had been appropriately assessed by Web site officials, and users accessing those sites may not have received sufficient information to make informed decisions about whether to interact with the site. NASA has taken corrective actions or plans to take corrective actions to achieve full compliance with the Privacy Provisions of the E-Government Act.

We recommended that the Agency ensure compliance with the Privacy Provisions by annually reviewing the Agency’s publicly accessible Web sites to ensure sites are current and in compliance with existing requirements and by developing and reporting a timetable for translating privacy policies into a standardized machine-readable format. Management’s comments were responsive. We will close the two recommendations upon completion and verification of management’s corrective action.

The memorandum contains NASA Information Technology/Internal Systems Data that is not routinely released under the Freedom of Information Act (FOIA). To submit a FOIA request, see the online guide.