A computer matching agreement (CMA) is a legal document that outlines the terms and conditions of a computerized matching program between two or more agencies or organizations. The purpose of the CMA is to ensure data privacy, accuracy, and security of any personally identifiable information (PII) that is shared between the organizations.
The Privacy Act of 1974 mandates that federal agencies must have a CMA in place before sharing PII with another agency or organization, except in certain limited circumstances. The Act defines PII as any information that can be used to identify a person, including their name, social security number, driver`s license number, and date of birth, among other things.
So, when is a CMA required? Here are some situations that would require a CMA:
1. Matching programs between federal agencies: If two or more federal agencies plan to share PII through a matching program, they must have a CMA in place. This applies regardless of whether the agencies are within the same department or different departments.
2. Matching programs between a federal agency and a non-federal entity: If a federal agency plans to share PII with a non-federal entity, such as a state government agency or a private company, a CMA is required. This applies if the matching program involves PII from more than one individual or entity.
3. Matching programs for a federal benefit program: If a federal agency plans to use a matching program to administer a benefit program, such as Social Security or Medicaid, a CMA is required. This is because matching programs involving PII for benefits can have significant impacts on individuals, and CMAs help ensure that data is accurate and secure.
4. Matching programs with law enforcement purposes: If a federal agency plans to use a matching program for law enforcement purposes, a CMA is required. This is because such programs require a higher level of data privacy and security to protect the rights of individuals.
In summary, a CMA is required whenever a matching program involves the sharing of PII between two or more entities, especially if it pertains to federal agencies and federal benefit programs or law enforcement. The CMA ensures that the data is accurate, secure, and protected, and that the rights of individuals are respected. Thus, it is essential to have a CMA in place to ensure compliance with the Privacy Act and protect individuals` data privacy.