Privacy Act of 1974
The Privacy Act of 1974 establishes a code of information-handling practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by U.S. federal agencies.

  • safeguards privacy by creating four procedural and substantive rights in personal data
  • applies to records created and used by federal agencies
    • not to state or local governments
    • states the rules for the collection, use, and transfer of personally identifiable information (PII)
  • under the act, a record is any information about a person that an agency maintains
  • A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual

Requirements

  • requires federal agencies to tell people why they are collecting personal information
  • federal agencies must also provide an annual public notice about their record-keeping systems
    • must describe their record-keeping systems and the data in them
    • called a system of records notice (SORN)
    • must publish a SORN only for systems that retrieve records by a person’s name or other personal identifier
    • must publish SORNs in the Federal Register
  • requires government agencies to show an individual any records kept on him or her
    • an individual can ask only for records that are retrievable by his or her name, SSN, or some other type of unique identifier
  • requires agencies to follow certain principles, called “fair information practices,” when gathering and handling personal data
    • including appropriate administrative, technical, and physical safeguards to protect the security of the systems and records they maintain
  • places restrictions on how agencies can share an individual’s data with other people and agencies
  • lets individuals sue the government for violating its provisions
    • entitled to recover at least $1,000
    • e.g., when an agency:
      • denies access to records
      • refuses to amend a record
      • or when a court finds the agency intentionally or willfully violated the act
  • requires agencies to keep accurate and complete records
  • states that an agency should store only the data it needs to conduct business
    • should not store any extra or unnecessary data

Rules for PII

  • an agency cannot disclose a person’s records without his or her written consent
    • there are 12 exceptions to this general rule; disclosure is permitted if it is:
      • Made to a federal agency employee who needs the record to perform his or her job duties
      • Required under the Freedom of Information Act
      • Made for an agency’s routine use
      • Made to the U.S. Census Bureau to perform a survey
      • Made for statistical research or reporting, and all personally identifiable data has been removed
      • Made to the National Archives and Records Administration because the record has historical value
      • Made in response to a written request from a law enforcement or regulatory agency for civil or criminal law purposes
      • Made to protect a person’s health or safety
      • Made to Congress
      • Made to the U.S. Comptroller General in the course of the performance of the duties of the U.S. Government Accountability Office
      • Made in response to a court order
      • Made to a consumer reporting agency for certain permitted purposes

Oversight

  • the Office of Management and Budget (OMB) oversees Privacy Act compliance
  • OMB can publish rules for federal agencies to follow to meet their Privacy Act responsibilities