The Privacy Act of 1974

• Autore: Robert P. Bigelow
• Carica: Member of the Boston, Massachusetts Bar
• Pagine: 341-349

Reprinted from ´ The Practical Lawyerª September 1ª 1975, pp. 15-24, Portions of this article have previously- appeared in the ´Computer Law Serviceª (Callaghan & Co.) and ´ Computer Law and Tax Report (Warren, Gorham & Lament) [Editor's Note].

Page 341

When President Ford signed the Privacy Act of 1974,-he partially assuaged the concern of those who were afraid that individual privacy might disappear in the computer age. The computer has made it economically feasible to collect in one location personal data previously scattered in the files of numerous organizations - private and governmental. Hence, while the Privacy'Act controls the gathering and dissemination of personal information, by Federal agencies, additional proposals, some already enacted, are in the legislative hoppers of several state legislatures and Congress, The temper of the times makes favorable action on more of these bills likely.

@The Background

@@The COSATI Recommendations

In January 1969, the Committee on Scientific and Technical Information (COSATI) of the Federal Council of Science and Technology established a panel on the Legal Aspects of Information Systems. In June 1972, this group sponsored a symposium in Washington, and the report of the conference and the background papers have been published in ´ 7 Honeywell Computer J. ª No, 1 (1973). The group proposed a set of principles for the guidance of the federal government.

Data Origination - In gathering information from individual citizens, Federal agencies have an obligation to disclose to them the purpose for which the Information is being collected, to state clearly the use or uses to which it will be put, to identify the governmental and nongovernmental individuals and organizations that will be given access to it, and to indicate whether the individual's name will be associated, either directly or indirectly, with the information. Informed consent is not necessary when information is required by an Act of Congress. The use of coercion or intimidation in gathering the information must be avoided, the collec-Page 342tor of data should verify its accuracy, and the agency shoud not engage in repetitious information-gathering exercises.

Data Storage and Dissemination - Agencies have an obligation to develop and enforce appropriate personnel standards for employees who have access to, or handle, personal information. The procedures should assure accuracy and proper processing of personal information. Legitimate scope of access should be clearly defined, and if the data is to be put to uses not originally contemplated, the consent of the person from whom the information was originally gathered should be obtained and the individual should be granted access to the information recorded about him and procedures should be established that enable him to insure the accuracy of the information' to determine whether his files have been abused.

Data Elimination - Personal information should be thought of as having a finite life span. When a Federal agency determines that personal information is no longer of utility and should be destroyed, that decision should be communicated to any other governmental or private agency or organization that has received a copy of the data, which should be required to destroy that copy, or other copies that may have been made. Citizens should have the right to request the destruction of personal information that is maintained without statutory authority.

@@The Secretary's Advisory Committee on Personal Data Systems

On February 27, 1972, then Secretary of Health, Education and Welfare, Elliot L. Richardson, established the Secretary's Advisory Committee on Personal Data Systems to analyze the consequences of using computers to keep records about people. Its report, entitled Records, Computers, and the Rights of Citizens, was released on July 30, 1973.

It recommended Federal legislation:

- Guaranteeing and individual's right to discover and to obtain- a copy of information that is being maintained about him in computerized systems;

- Allowing a person to contest the accuracy pertinence, and timeliness of any information in a computer-accessible record about him;

- Requiring record-keeping organizations to inform individuals on request, of all uses made of information that is being kept about them in computerized files; and

- With respect to Social Security numbers:

1. Giving each individual a right to refuse to disclose his or her number to any person or organization not authorized by federal statute to collect and use the number; and

   Page 343

2. Prohibiting organizations with authority to use the number from disclosing it to organizations lacking such authority.

   Numerous bills were introduced in the 92nd and 93rd Congress, and the Privacy Act of 1974, Pub. L. No. 93-579, 88 Stat. 1896, was passed at the end of the 1974 session, it was signed on January 1, 1975.

   @The Provisions

   @@Coverage

   The major portion of the Privacy Act, which becomes effective on September 27, 1975...