Privacy Act of 1974
The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579, (Dec. 31, 1974) establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual. The Privacy Act requires that agencies give the public notice of their systems of records by publication in the Federal Register. The Privacy Act prohibits the disclosure of information from a system of records absent the written consent of the subject individual, unless the disclosure is pursuant to one of twelve statutory exceptions. The Act also provides individuals with a means by which to seek access to and amendment of their records, and sets forth various agency record-keeping requirements.
Contents |
[edit] Provisions of the Privacy Act
[edit] Conditions of disclosure
The Privacy Act states in part:
- No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains...[1]
There are specific exceptions for the record allowing the use of personal records:[2]
- For statistical purposes by the Census Bureau and the Bureau of Labor Statistics
- For routine uses within a U.S. government agency
- For archival purposes "as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government"
- For law enforcement purposes
- For congressional investigations
- Other administrative purposes
The Privacy Act mandates that each United States Government agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.
[edit] Department of Justice
Subsection requires that each agency have a Data Integrity Board. It is supposed to make an annual report to OMB, available to the public, that includes all complaints that the Act was violated, such as use of records for unauthorized reasons or the holding of First Amendment Records and report on —…"(v) any violations of matching agreements that have been alleged or identified and any corrective action taken”. Former Attorney General Dick Thornburg appointed a Data Integrity Board but since then USDOJ has not published any Privacy Act reports.[citation needed]
[edit] Computer Matching and Privacy Protection Act
The Computer Matching and Privacy Protection Act of 1988, P.L. 100–503, amended the Privacy Act of 1974 by adding certain protections for the subjects of Privacy Act records whose records are used in automated matching programs. These protections have been mandated to ensure:
- procedural uniformity in carrying out matching programs;
- due process for subjects in order to protect their rights, and
- oversight of matching programs through the establishment of Data Integrity Boards at each agency engaging in matching to monitor the agency's matching activity.
The Computer Matching Act is codified as part of the Privacy Act.[3]
[edit] Access to records
The Privacy Act also states:
- Each agency that maintains a system of records shall—
- upon request by any individual ... permit him ... to review the record and have a copy made of all or any portion thereof in a form comprehensible to him ...
- permit the individual to request amendment of a record pertaining to him ...[1]
[edit] Issues of scope
The Privacy Act does apply to the records of every "individual,"[4] but the Privacy Act only applies to records held by an "agency".[5]
Therefore the records held by courts, executive components, or non-agency government entities are not subject to the provisions in the Privacy Act and there is no right to these records.[6]
[edit] Exemptions
Following the controversial Passenger Name Record agreement signed with the European Union (EU) in 2007, the Bush administration provided an exemption for the Department of Homeland Security and the Arrival and Departure System (ADIS) from the U.S. Privacy Act.[7] ADIS is intended to authorize people to travel only after PNR and API (Advance Passenger Information) data has been checked and cleared through a US agency watchlist.[7] The Automated Targeting System is also to be exempted.[7] The Privacy Act does not protect non-US citizens, which is problematic for the exchange of Passenger Name Record information between the US and the European Union.
[edit] See also
[edit] References
- ^ a b Redirect Page[dead link]
- ^ US CODE: Title 5,552a. Records maintained on individuals
- ^ Redirect Page[dead link]
- ^ 5 USC s. 552a(2)
- ^ 5 USC s. 552(a)(1) & (b)
- ^ Dale v. Executive Office of the President, 164 F. Supp.2d 22 (D.D.C. 2001).
- ^ a b c Statewatch, US changes the privacy rules to exemption access to personal data September 2007
[edit] Source
This article uses material from the public domain source:
- '"The Privacy Act of 1974". United States Department of Justice. http://www.usdoj.gov/opcl/privacyact1974.htm.
[edit] External links
- Privacy Act of 1974 (5 USC Sec. 552a)
- Privacy Office at the Department of Homeland Security
