The Best of Creative Computing Volume 1 (published 1976)
How Much Privacy Should You Have? (Federal Privacy Act of 1974, Guidelines for Federal Agencies)
How Much Privacy
Should You Have?
you have had similar thoughts about the
Data-collection activities of local and state
Governments, business corporations,
Schools and universities, and other organizational record-keepers in American
society. You are far from alone. In l970,
A national Harris poll found that one out
of three Americans was personally worried
about invasions of his privacy. While
eavesdropping on telephone conversations
was mentioned. The most widely cited
complaints involved personal data collection by organizations. These included
“Computers that collect too much information." credit inquiries by business.
and
the way the federal government collects
taxes and takes the census.
Normally. what disturbs every third
American gets some fairly serious attention from the nation's lawmakers. But the
trouble with protection of privacy. from
the surfacing of this issue in the early
I960s until l974, was that American legislators treated it much like the weather
everyone talked about the problem but
no one was willing or able to do anything
about it.
Citizen's Rights-The Federal Privacy
Act of 1974
Then came Watergate. Between 1972
and I974. Americans learned to their
shock and dismay that White House
agents had ordered the tapping of the
Democratic Party's telephones, the burglary of a psychiatrist’s office to get
confidential medical files on a Vietnam war
Critic, and the assembling of income-tax
data and sex-life information on members
of the press and political critics of the
Nixon Administration.
By I974, national polls reported that
one out of two Americans now felt that
his personal privacy was threatened.
ln this Watergate-dominated atmosphere. Congress finally did act. In a move
that has so far received far too little attention in the popular media. Congress
passed the Federal Privacy Act of I974.
one of the potentially most important
citizen's rights laws in the computer age.
Since the new law governs the collection
of personal data by virtually all federal
agencies and gives individuals important
new powers to protect themselves against
abusive practices. it is crucial for the protection of privacy that the public
learn just
what the Privacy Act does for them.
By the time that Congress decided that
it had to pass some major privacy legislation in I974. at least covering the
federal
government's own files. three key issues
of data privacy had come into focus:
What personal information ought to be
collected at all by a given federal agency
or department, to carry out its lawful
functions?
lf personal information is properly collected, how can we be sure it is kept
confidential within the collecting agency.
for the purpose originally intended. and
not shared improperly with other government officials or private organizations?
Shouldn't individuals almost always
have a legal right to inspect that record.
if they wish, to check its accuracy, completeness and lawful use?
As it faced these difficult questions of
judgment. Congress was aware that far
more was at stake than assuring shaming the constitutional rights of political
radicals or
Mafia leaders. Hearings chaired by Senator Sam Ervin, Jr., and other
Congressional
leaders had documented that “derogatory
information files" were being amassed on
[image]
hundreds of thousands of Americans by
federal investigative agencies. Even more
fundamentally, every American's access to
the benefits and opportunities controlled
by organizational record-keepers could be
imperiled by inaccurate, incomplete or
improper data-collection practices. especially by the federal government.
By I974, Congress had also learned
through studies by the National Academy
of Sciences and a Citizen's Panel report
for the Department of Health. Education.
and Welfare that the basic issues were not
caused by computers, and no “pull-the-plug" decision could resolve the
problem.
Computerized files and databanks were
increasingly the setting in which the social
policy issues had to be faced. and computers tend to magnify. the injuries that
can be done. But Congress realized that
the basic issues concerned how Americans
were to be judged for various rewards and
opportunities in our society. and through
what kinds of fair procedures.
82
So the Federal Privacy Act of 1974 took
a major step forward. by requiring federal
agencies to follow a code of fair information practices in handling citizen
information. whether in computers or on cards,
Stripped of technical language, some
of the Act's main sections provide that:
Individuals must be told. whenever they
are asked to give personal information.
what legal authority the agency has to ask
for this. whether supplying it is voluntary
or required. and how it will be used.
Individuals can inspect their own records if they wish. obtain a copy of them.
and have their accuracy verified and officially corrected if found to be
inaccurate.
Individuals can find out who else besides the agency that collected the
information has had access to their records.
Guidelines for Federal Agencies
As its basic framework. the Act sets out
standards and procedures for federal
agencies to follow as “fair information
practices," Federal agencies must collect
only data “relevant and necessary" to their
lawful function. They cannot collect information about how we exercise our First
Amendment rights of speech, press, association and religion. unless such
collection
is expressly authorized by law. Agencies
must take reasonable steps to see that our
records are “accurate, relevant, timely
and complete."
At least once a year. each federal agency
must publish a public notice about each
system of personal records it maintains.
This must state the system's name, location, categories of persons covered,
users
of the system, policies as to storage and
retrieval. controls over access. and procedures for individuals to inspect and
challenge their records if they wish.
Most important of all. the Federal Privacy Act makes it a crime for federal
officials knowingly to violate the Act's
requirements. It also gives individuals the
right to sue in federal court to enforce
access, correction or compliance with the
Act. with damages and even lawyers'
fees provided in cases of willful violations.
The Act contains a few controversial
exceptions. for investigative activities of
law enforcement agencies. the CIA. and
certain kinds of personnel-checking inquiries. But the Act's coverage is still
remarkably wide. probably reaching more
than 95 percent of the record-keeping
activities of the federal government.
ln order to give federal agencies a
chance to get their enormous file collections into good order and to install new
procedures. the Privacy Act does not take
effect until September of I975. That also
gives us as citizens a chance to learn what
the Act does and how we can use it.
