18. What is the “Privacy Act of 1974” (Privacy Act)?
The Privacy Act restricts the ability of the Federal Government to collect information about individual US citizens. Specifically, it regulates the use, maintenance, and dissemination of collected personally-identifiable information. “Personally-identifiable information” either contains the name or other information that allows the information to be attributed to a specific individual. These regulations are contained in what is known as the Code of Fair Information Practices. This regulatory framework controls all records in the possession and control of the Federal Government. Any agency in possession of such information must employ administrative and physical security measures to protect against the dissemination of the information. All federal agencies, particularly those that collect personally-identifiable information, must provide public notice of their records and systems via the Federal Register. The system must also provide a means by which individuals may seek access to and amend any erroneous material in their records. Consent of an individual is required before the agency may disclose that person’s personal information. There are, however, several exceptions where a federal agency may disclose personally-identifiable information about an individual without notifying the person:
• For statistical purposes by the Census Bureau or the Bureau of Labor Statistics;
• For routine uses within a US government agency;
• For archival purposes “as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government”;
• For law enforcement purposes;
• For congressional investigations; and
• Other administrative purposes.
Agencies must also have a Data Integrity Board that reports all complaints about Privacy Act violations to the Office of Management and Budget. The Privacy Act was amended to include provisions regarding the use of Privacy Act information in automated matching programs (such as criminal records programs).
• Note: Records held by courts, executive components, or non-agency government entities are not subject to the provisions in the Privacy Act and there is no public right to these records. Information collected pursuant to criminal investigation may also be exempt from disclosure.
• Discussion: How do you feel about the collection of personal information by the Federal Government? Do you think that the requirement that administrative agencies disclose the collection of personally identifiable information is an adequate safeguard of individual privacy rights? Why or why not? Does the ability to dispute inaccurate information affect your opinion? Why or why not?
• Practice Question: The National Security Agency (NSA) has decided to monitor computer traffic to websites advocating the overthrow of the US Government. The agency’s monitoring reveals a computer user’s IP address. The IP address is then matched with a physical address where the IP address is registered. The physical location is matched with the real property records providing the owner’s name and personal information. All of this information is stored in case it is needed in a future investigation. What procedures must the NSA follow to comply with federal privacy law protections?