The Computer Matching and Privacy Protection Act of 1988 (Pub. L. No. 100-503) amended the Privacy Act to add several new provisions. See 5 U.S.C. § 552a(a)(8)-(13), (e)(12), (o), (p), (q), (r), (u) (2006). These provisions add procedural requirements for agencies to follow when engaging in computer-matching activities, provide matching subjects with opportunities to receive notice and to refute adverse information before having a benefit denied or terminated, and require that agencies engaged in matching activities establish Data Protection Boards to oversee those activities. These provisions became effective on December 31, 1989. OMB’s guidelines on computer matching should be consulted in this area. See 54 Fed. Reg. 25,818-29 (June 19, 1989).
Subsequently, Congress enacted the Computer Matching and Privacy Protection Amendments of 1990 (Pub. L. No. 101-508), which further clarified the due process provisions found in subsection (p). OMB’s proposed guidelines on these amendments appear at 56 Fed. Reg. 18,599-601 (proposed Apr. 23, 1991), available at http://www.whitehouse.gov/sites/default/files/omb/assets/omb/inforeg/computer_amendments1991.pdf.
The highly complex and specialized provisions of the Computer Matching and Privacy Protection Act of 1988 and the Computer Matching and Privacy Protection Amendments of 1990 are not further addressed herein. For guidance on these provisions, agencies should consult the OMB Guidelines, cited above.