The Best of Creative Computing Volume 1 (published 1976)
Surveys, The Census, and Privacy (excerpt of Records, Computers, and the Rights of Citizens report from HEW Secretary's Advisory Committee on Automated Personal Data Systems)
The following excerpt is taken from the summary and recommendations of the
report, "Records, Computers and the
Rights of Citizens," from the HEW Secretary's Advisory Committee on Automated
Personal Data Systems (See
Editorial, Page 3). Copies of the full report (DHEW (OS)73-94; GPO#l70000116)
may be ordered for $2.35 from
the Superintendent of Documents, Government Printing Ofjice, Washington, D.C.
20402.
Safeguard Requirements For Statistical-Reporting and Research Systems
I. GENERAL REQUIREMENTS
A. Any organization maintaining a record of personal data, which it does not
maintain as part of an automated personal data system used exclusively for
statistical reporting or research, shall make no transfer of any such data to
another organization without the prior informed consent of the individual to
whom the data pertain, if, as a consequence of the transfer, such data will
become part of an automated personal data system that is not subject to these
safeguard requirements or the safeguard requirements for administrative personal
data systems.
B. Any organization maintaining an automated personal data system used
exclusively for statistical reporting or research shall:
(l) Identify one person immediately responsible for the system, and make any
other organizational arrangements that are necessary to assure continuing
attention to the fulfillment of the safeguard requirements;
(2) Take affirmative action to inform each of its employees having any
responsibility or function in the design, development, operation, or maintenance
of the system, or the use of any data contained therein, about all the safeguard
requirements and all the rules and procedures of the organization designed to
assure compliance with them:
(3) Specify penalties to be applied to any employee who initiates or otherwise
contributes to any disciplinary or other punitive action against any individual
who brings to the attention of appropriate authorities, the press, or any member
of the public, evidence of unfair information practice;
(4) Take reasonable precautions to protect data in the system from any
anticipated threats or hazards to the
security of the system;
(5) Make no transfer of individually identifiable personal data to another
system without (i) specifying requirements for security of the data, including
limitations on access thereto, and (ii) determining that the conditions of the
transfer provide substantial assurance that those requirements and limitations
will be observed-except in instances when each of the individuals about whom
data are to be transferred has given his prior informed consent to the transfer;
and
(6) Have the capacity to make fully documented data readily available for
independent analysis.
II. PUBLIC NOTICE REQUIREMENT
Any organization maintaining an automated personal data system used
exclusively for statistical reporting or
research shall give public notice of the existence and character of its system
once each year. Any organization maintaining more than one such system shall
publish annual notices for all its systems
simultaneously. Any organization proposing to establish a new system, or to
enlarge an existing system, shall give public notice long enough in advance of
the initiation or enlargement of the system to assure individuals who may be
affected by its operation a reasonable opportunity to comment. The public notice
shall specify:
(I) The name of the system;
(2) The nature and purpose(s) of the system;
(3) The categories and number of persons on whom data are (to be) maintained;
(4) The categories of data (to be) maintained, indicating which categories are
(to be) stored in computer-accessible files;
(5) The organization's policies and practices regarding data storage, duration
of retention of data, and disposal thereof;
(6) The categories of data sources;
(7) A description of all types of use (to be) made of data, indicating those
involving computer-accessible files, and including all classes of users and the
organizational relationships among them;
(8) The procedures whereby an individual. group, or organization can gain
access to data for independent analysis;
(9) The title, name, and address of the person immediately responsible for the
system;
(10) A statement of the system's provisions for data confidentiality and the
legal basis for them.
III. RIGHTS OF INDIVIDUAL DATA SUBJECTS
Any organization maintaining an automated personal data system used
exclusively for statistical reporting or
research shall:
(l) Inform an individual asked to supply personal data for the system whether
he is legally required, or may
refuse, to supply the data requested, and also of any specific consequences for
him, which are known to the organization, of providing or not providing such
data;
(2) Assure that no use of individually identifiable data is made that is not
within the stated purposes of the system as reasonably understood by the
individual, unless the informed consent of the individual has been explicitly
obtained:
(3) Assure that no data about an individual are made available from the system
in response to a demand for data made by means of compulsory legal process,
unless the individual to whom the data pertain (i) has been notified of the
demand, and (ii) has been afforded full access to the data before they are made
available in response to the demand.
***
In addition to the foregoing safeguard requirements for all automated personal
data systems used exclusively
for statistical reporting and research. we recommend that all personal data in
such systems be protected by statute from compulsory disclosure in identifiable
form. Federal legislation protecting against compulsory disclosure should
include the following features:
The data to be protected should be limited to those used exclusively for
statistical reporting or research. Thus, the protection would apply to
statistical reporting and research data derived from administrative records, and
kept apart from them, but not to the administrative records themselves,
The protection should be limited to data identifiable with, or traceable to,
specific individuals. When data are released in statistical form, reasonable
precautions to protect against "statistical disclosure" should be considered to
fulfill the obligation to disclose data that can be traced to specific
individuals.
The protection should be specific enough to qualify for non-disclosure under
the Freedom of Information Act
exemption for matters "specifically exempted from disclosure by statute." 5
U.S.C. 552(b)(3).
The protection should be available for data in the custody of all statistical
reporting and research systems, whether supported by Federal funds or not.
Either the data custodian or the individual about whom data are sought by
legal process should be able to invoke the protection, but only the individual
should be able to waive it.
The Federal law should be controlling; no State statute should be taken to
interfere with the protection
it provides.
