Under the Computer Matching and Privacy Protection Act of 1988, which amended the 1974 Privacy Act, federal agencies must establish an internal Data Integrity Board (DIB) to oversee and approve their use of computer matching programs.
Before a federal department or agency can match its data with data held by another federal or state government department or agency, either as the recipient or the source of the data, it must enter into a written Computer Matching Agreement (CMA) with the other party, which must be approved by the department's or agency's DIB.
Under the terms of the computer matching provisions of the Privacy Act, a CMA may be established for a term of 18 months. Provided there are no material changes to the matching program, existing CMAs may be recertified once for a period of 12 months. Thus, the department or agency must re-evaluate the terms and conditions of even long-standing computer matching programs regularly.
- ↑ 5 U.S.C.§ 552a.
- ↑ With certain exceptions, a "matching program" is "any computerized comparison of two or more automated systems of records or a system of records with non-federal records for the purpose of establishing or verifying the eligibility of, or continuing compliance with statutory and regulatory requirements by, applicants for, recipients or beneficiaries of, participants in, or providers of services with respect to, cash or in-kind assistance or payments under federal benefit programs. Id. §552a(a)(8)(i)(1).