Subsection (v) of the Privacy Act requires the Office of Management and Budget (OMB) to: (1) "develop and, after notice and opportunity for public comment, prescribe guidelines and regulations for the use of agencies in implementing" the Act; and (2) "provide continuing assistance to and oversight of the implementation" of the Act by agencies. 5 U.S.C. § 552a(v).
The vast majority of OMB's Privacy Act Guidelines [hereinafter OMB Guidelines] are published at 40 Fed. Reg. 28,948-78 (July 9, 1975), available at http://www.whitehouse.gov/omb/assets/omb/inforeg/implementation_guidelines.pdf. However, these original guidelines have been supplemented in particular subject areas over the years. See 40 Fed. Reg. 56,741-43 (Nov. 21, 1975), available at http://www.whitehouse.gov/omb/assets/omb/inforeg/implementation1974.pdf ("system of records" definition, routine use and intra-agency disclosures, consent and Congressional inquiries, accounting of disclosures, amendment appeals, rights of parents and legal guardians, relationship to Freedom of Information Act (FOIA)); 48 Fed. Reg. 15,556-60 (Apr. 11, 1983), available at http://www.whitehouse.gov/omb/assets/omb/inforeg/guidance1983.pdf (relationship to Debt Collection Act); 52 Fed. Reg. 12,990-93 (Apr. 20, 1987), available at http://www.whitehouse.gov/omb/assets/omb/inforeg/guidance_privacy_act.pdf ("call detail" programs); 54 Fed. Reg. 25,818-29 (June 19, 1989), available at http://www.whitehouse.gov/omb/assets/omb/inforeg/final_guidance_pl100-503.pdf (computer matching); 56 Fed. Reg. 18,599-601 (proposed Apr. 23, 1991), available at http://www.whitehouse.gov/omb/assets/omb/inforeg/computer_amendments1991.pdf (computer matching); 61 Fed. Reg. 6,428, 6,435-39 (Feb. 20, 1996) ("Federal Agency Responsibilities for Maintaining Records About Individuals"), available at http://www.whitehouse.gov/omb/assets/omb/circulars/a130/a130trans4.pdf. See also, e.g., OMB Circular No. A-130 -- Memorandum for Heads of Executive Departments and Agencies, Subject: Management of Federal Information Resources, 61 Fed. Reg. 6428 (Feb. 20, 1996), as amended, 65 Fed. Reg. 77,677 (Dec. 12, 2000), available at http://www.whitehouse.gov/omb/assets/omb/circulars/a130/a130trans4.pdf; OMB Memorandum 09-29, Memorandum for Heads of Executive Departments and Agencies, Subject: FY 2009 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (Aug. 20, 2009), available at http://www.whitehouse.gov/omb/assets/memoranda_fy2009/m09-29.pdf.
As a general rule, the OMB Guidelines are entitled to the deference usually accorded the interpretations of the agency that has been charged with the administration of a statute. See Sussman v. U.S. Marshals Serv., 494 F.3d 1106, 1120 (D.C. Cir. 2007). In Sussman, the Court of Appeals for the District of Columbia Circuit discussed this standard: "Congress explicitly tasked the OMB with promulgating guidelines for implementing the Privacy Act, and we therefore give the OMB Guidelines 'the deference usually accorded interpretation of a statute by the agency charged with its administration.'" Id. (citing Albright v. United States, 631 F.2d 915, 920 n.5 (D.C. Cir. 1980)) (citation omitted). With regard to the 1975 guidelines, the court stated: "The OMB apparently invited no public comment prior to publishing its guidelines, and after we decided Albright, Congress pointedly replaced its original grant of authority to the OMB with one that expressly required the OMB to respect such procedural niceties before its guidelines could be binding. But Congress made clear the change was not meant to disturb existing guidelines.
Hence, the old OMB Guidelines still deserve the same level of deference they enjoyed prior to the 1998 amendment." Sussman, 494 F.3d at 1120 n.8 (citations omitted). Numerous cases have applied this standard of deference. See, e.g., Maydak v. United States, 363 F.3d 512, 518 (D.C. Cir. 2004); Henke v. U.S. Dep't of Commerce, 83 F.3d 1453, 1460 n.12 (D.C. Cir. 1996); Quinn v. Stone, 978 F.2d 126, 133 (3d Cir. 1992); Baker v. Dep't of the Navy, 814 F.2d 1381, 1383 (9th Cir. 1987); Perry v. FBI, 759 F.2d 1271, 1276 n.7 (7th Cir. 1985), rev'd en banc on other grounds, 781 F.2d 1294 (7th Cir. 1986); Bartel v. FAA, 725 F.2d 1403, 1408 n.9 (D.C. Cir. 1984); Smiertka v. U.S. Dep't of the Treasury, 604 F.2d 698, 703 n.12 (D.C. Cir. 1979); Rogers v. U.S. Dep't of Labor, 607 F. Supp. 697, 700 n.2 (N.D. Cal. 1985); Sanchez v. United States, 3 Gov't Disclosure Serv. (P-H) ¶ 83,116, at 83,709 (S.D. Tex. Sept. 10, 1982); Golliher v. USPS, 3 Gov't Disclosure Serv. (P-H) ¶ 83,114, at 83,703 (N.D. Ohio June 10, 1982); Greene v. VA, No. C-76-461-S, slip op. at 6-7 (M.D.N.C. July 3, 1978); Daniels v. FCC, No. 77-5011, slip op. at 8-9 (D.S.D. Mar. 15, 1978); see also Martin v. Office of Special Counsel, 819 F.2d 1181, 1188 (D.C. Cir. 1987) (OMB interpretation is "worthy of our attention and solicitude"). However, a few courts have rejected particular aspects of the OMB Guidelines as inconsistent with the statute. See Doe v. Chao, 540 U.S. at 62 n.11 (disagreeing with dissent's reliance on OMB interpretation of damages provision and stating that Court does "not find its unelaborated conclusion persuasive"); Scarborough v. Harvey, 493 F. Supp. 2d 1, 13-14 n.28 (D.D.C. 2007) (personal/entrepreneurial distinction); Henke v. U.S. Dep't of Commerce, No. 94-0189, 1996 WL 692020, at *2-3 (D.D.C. Aug. 19, 1994) (same), aff'd on other grounds, 83 F.3d 1445 (D.C. Cir. 1996); Kassel v. VA, No. 87-217-S, slip op. at 24-25 (D.N.H. Mar. 30, 1992) (subsection (e)(3)); Saunders v. Schweiker, 508 F. Supp. 305, 309 (W.D.N.Y. 1981) (same); Metadure Corp. v. United States, 490 F. Supp. 1368, 1373-74 (S.D.N.Y. 1980) (subsection (a)(2)); Fla. Med. Ass'n v. HEW, 479 F. Supp. 1291, 1307-11 (M.D. Fla. 1979) (same); Zeller v. United States, 467 F. Supp. 487, 497-99 (E.D.N.Y. 1979) (same).
Go to Table of Contents || Previous Section Role of the Privacy Protection Study Commission || Next Section Computer Matching