Privacy Act of 1974

views updated May 29 2018

Privacy Act of 1974

John Cary Sims

The Privacy Act of 1974 (P.L. 93-579, 88 Stat. 1896) imposed an entirely new body of requirements on the federal government's handling of information concerning individuals. Although the statute incorporated a complex set of definitions and contained many exceptions, the Privacy Act reduced the unnecessary collection of private information by the federal government, prevented improper disclosure of such information, and gave individuals tools to determine what information the government held about them and how to correct errors in the records. The act also narrowed the range of circumstances under which any federal, state, or local government agency could deny an individual any right, benefit, or privilege for refusing to disclose his or her Social Security number.

CONSTITUTIONAL BASIS

The Privacy Act principally imposes restrictions on the operation of the federal government itself, and there has not been extensive analysis of the constitutional basis for the legislation. Presumably, the ultimate authority for the act is in the powers underlying the federal activities to which the relevant information pertains. Congress may also be thought to have enacted a statute that is "necessary and proper" for carrying out those powers.

The agencies of the federal government collect, maintain, and use vast and varied quantities of information about individuals. This information is of critical importance to individuals seeking government benefits, licenses, or employment, yet often these records contain serious errors. Threats to personal privacy could further be exacerbated by the increasing sophistication of the computerized techniques available to collect and combine pieces of information. While there are many circumstances in which access to private information is essential to the efficient operation of the government, proponents have argued that there were too many situations in which the information was wrongly disclosed—either to persons with no proper need to receive it, or to others as retaliation against individuals who held unpopular or controversial views. Proponents argued that not only should information collection and retention by government agencies be narrowly confined to proper operational needs, but individuals should be given efficient means to determine this information and to force correction of inaccuracies.

As the legislation proceeded through the Senate and the House, two quite different approaches emerged. The Senate bill would have created a Federal Privacy Board with broad power to regulate the information practices of both public and private entities; the House bill provided access to records and a method of bringing about the correction of errors. Both the Senate and House bills were adopted by their respective bodies on November 21, 1974, but the substantial differences between the bills and the short time remaining in the session made it questionable whether there was time to follow the normal practice of appointing a Conference Committee to reconcile the conflicting versions of the legislation. Instead, the staffs of the relevant House and Senate committees worked with those members of Congress most directly involved to produce a compromise bill. The compromise package was then adopted by both houses of Congress.

POLITICAL CONTEXT

The Privacy Act was one of many statutes adopted in the immediate aftermath of Watergate, and the legislation (along with amendments to the Freedom of Information Act enacted the same year) responded to concerns about the potential for government misuse of private information and to calls for heightened government accountability to the public. The Ford Administration, however, raised a number of objections to the proposed legislation and in particular to the Senate bill. The compromise ultimately reached was much less sweeping than originally proposed, with the adopted legislation limited in applicability to the federal government, and a study commission on privacy replacing the proposed regulatory agency. A "routine use" exception to the restrictions on the transfer of information between agencies was added to the bill as well. Taken together, the compromises removed the administration's objections to passage of the bill and paved the way for President Ford to sign the bill, which he did on December 31, 1974.

There has not been a sweeping interpretation of the Privacy Act by the Supreme Court; rather, there have been numerous decisions by lower federal courts interpreting and applying the statute's provisions. Many issues have arisen involving the relationship of the Privacy Act to other statutes or the precise meaning of the detailed definitions in the legislation. Since most aspects of the Privacy Act apply only if a "record" is "contained in a system of records," many cases have explored that threshold question; others have turned on whether an agency's use or disclosure of particular information was proper, and on whether one of the general or specific exemptions to the disclosure requirements of the act justified an agency's refusal to disclose its records to an individual requesting records about him or herself.

The Computer Matching and Privacy Protection Act of 1988 amended the Privacy Act by imposing safeguards designed to guard against unfair use of computer matching programs. There have also been a number of narrow amendments to specific provisions of the Privacy Act.

Federal employees who improperly disclose information about individuals may be prosecuted under certain circumstances, but the enforcement of the Privacy Act has principally been pursued through civil lawsuits authorized by the statute. Individuals may sue in federal district courts to obtain disclosure of records to which they are entitled under the statute, to obtain corrections of records, and to challenge the information practices followed by agencies. Successful plaintiffs may recover attorney fees and costs, and damage awards are also available if certain types of agency violations are "intentional or willful."

The Privacy Act focused attention on the collection and possible misuse of information concerning individuals, and those issues have gained much greater prominence over the years since passage of the legislation. Congress considered taking a much broader approach, which would have regulated both private and governmental actors, but the final legislation was directed at federal agencies and hedged by many exceptions and limitations.

With the emergence of the Internet and the recognition that great quantities of information are readily available to private individuals, current debates about privacy rights and proposals for the protection of individual privacy tend not to be limited to information collection, handling, and dissemination conducted by federal agencies. Following the terrorist attacks of September 2001, there was considerable resistance to restricting information gathering, thought to make it more difficult to fight terrorism. Many aspects of the Privacy Act's application depend on other provisions of federal law, since under the terms of the act itself either release or disclosure records may ultimately be controlled by another statute. The Freedom of Information Act in particular deals with a number of closely related issues.

See also: Freedom of Information Act.

Excerpt from the Privacy Act of 1974

"No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be—(1) to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties; (2) required under section 552 of this title [Freedom of Information Act]; (3) for a routine use ... (11) pursuant to the order of a court of competent jurisdiction..."

"Each agency that maintains a system of records shall—(1) maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute ory executive order of the President; (2) collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individuals's rights, benefits, and privileges under Federal programs; ... (5) maintain all records which are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fafairness to the individual in the determination; ... (7) maintain no record describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity;.... "

Major Acts of Congress Sims, John Cary

Privacy Act of 1974

views updated May 17 2018

PRIVACY ACT OF 1974

The Privacy Act of 1974 (5 U.S.C.A. 552a) is a federal law that places restrictions on the federal government's collection, use, and dissemination of personal information. As with most comprehensive federal statutes, the act provides general and specific exemptions as well as an administrative appeals process.

The genesis of the Privacy Act can be traced back to 1965, when a congressional subcommittee examined privacy issues. Between 1965 and 1974, other congressional committees held hearings and issued reports on how individual privacy rights were affected by the growth of national data banks and the emergence of electronic data collection and storage. An important catalyst for the legislation was a Department of Health, Education, and Welfare report on government records and computers. The report proposed a "Code of Fair Information Practices" to be followed by all federal agencies and urged the adoption of five core principles: (1) the government should not maintain any secret records; (2) individuals must be able to see what personal information about them is stored and how it is used; (3) individuals must provide prior written consent before personal information collected for one purpose can be used for a different purpose; (4) individuals must be allowed to fix or clarify personal information about them; and (5) organizations that store or use personal data must be responsible for the information's veracity and must attempt to prevent its misuse.

Congress incorporated these principles into the Privacy Act, which applies to the executive branch of the federal government. The executive branch encompasses administrative agencies, government corporations, and government-controlled corporations. The act does not apply to records kept by state and local governments or by private companies or organizations. Only U.S. citizens and lawfully admitted aliens are given rights under the act. Accordingly, nonresident foreign nationals may not invoke the provisions of the act.

Generally, the only materials that are subject to the act are those that are maintained in a system of records. The act defines "records" to include most personal information kept by an agency about an individual. A record contains individually identifiable information, such as data on a person's education, medical history, criminal history, employment history, or financial transactions. A "system of records" is a group of records from which information can be retrieved by name, social security number, or any other identifying symbol linked to an individual. Most personal information that is kept in federal government files is subject to the Privacy Act. Therefore, the government may not, for example, share medical-history information from a medicare recipient with another government agency without first obtaining the individual's written consent.

The Privacy Act gives the government the authority to withhold records from individuals if important government interests are at stake. The government may deny access based on national security or law enforcement concerns. There are two general exemptions: one that applies to all records maintained by the central intelligence agency (CIA), and another that applies to federal criminal law enforcement agencies. The statute also lists seven specific exemptions that include secret service records involving the protection of the president, information used solely for statistical records, and various national security and law enforcement records.

Individuals who are denied access to their records may file an administrative appeal with the agency withholding the information. When a request for access is denied, the agency must explain the reason for the denial and must cite the specific statutory exemption. Individuals who can access their records, but who dispute the accuracy of the information, have the right to request a correction. The agency must acknowledge receipt of the request and must promptly make a determination whether or not to correct the record. If the agency denies the request, the individual may file an administrative appeal. If that appeal is denied, the individual has the right to judicial review by suing the agency in federal court. A lawsuit must be filed within two years from the date of the final agency denial.