Summary

The Privacy Act of 1974 provides certain safeguards to individuals against invasion of privacy by requiring federal agencies to establish rules and procedures for maintaining and protecting personal data in agency record systems. As of December 31, 1976, federal agencies had 6,753 systems of records which contained 3.85 billion records about individuals and operating costs relevant to the act for the year ended September 30, 1976, were an estimated $36.6 million.

Agencies are making a concerted effort to implement and comply with provisions of the act, but improvements are needed. Three systems of records had not been published in the Federal Register, but action was being taken to comply with this requirement. In several instances, forms used for collecting information from individuals did not contain required notices about information disclosure. According to officials, a policy of providing access to information was followed, and data identifying confidential sources of information were deleted. Agencies must keep an accurate accounting of statistics for certain disclosures, and the accounting must be available to the subject upon request. The estimated cost for agencies to account for disclosures for the year ended September 30, 1976, was $9.4 million. The adequacy of disclosure accounting could not be readily determined because of the methods used. Reductions in paperwork and staff time might be achieved by eliminating duplication and changing certain accounting procedures. Employees were receiving Privacy Act training, but the adequacy of training was not fully evaluated.