The Privacy Act of 1974 was one of the first pieces of legislation to recognize the rights of individuals to privacy and the government’s responsibility to safeguard information that citizens provide to it. With the computerization of public records during the 1960s and growing concern over how the government might use information about private citizens, an advisory committee under what was then the Department of Health, Education, and Welfare (HEW) was appointed to advise the government on the potential consequences of automated data systems and suggest possible safeguards to protect information. The committee’s report, entitled “Records, Computers and the Rights of Citizens,” became the cornerstone of the subsequent privacy legislation and policies moving forward. In particular, the report recommended a “Code of Fair Information Practice,” which would prevent information collected for one use to be made available for other purposes without the consent of the individual and would require agencies to have mechanisms in place that allow individuals to learn what information is being kept on them and to correct or amend a record (HEW 1973). The report also highlighted the dangers of using Social Security numbers as universal identifiers.
The Privacy Act of 1974 requires federal agencies to provide citizens with access and correction rights to personal information and limits how agencies share information. According to the Act, an agency can disclose a person’s record only with the individual’s written consent or under special circumstances. Under these exceptions, information may be shared within the agency or for uses for which it was intended (defined as routine use), for purposes of the Census, to the National Archives and Records Administration if the information is deemed worthy of preservation, to another agency for civil or criminal law enforcement activities that are authorized by law, and to individuals who have provided agencies with advance written notice that information will be used only for statistical research or reporting. Records shared for statistical research or reporting must be “transferred in a form that is not individually identifiable.”2
2 “The Privacy Act of 1974,” Title 5 U.S. Code, Sec. 552a. Available at [http://www.gpo.gov/fdsys/pkg/ USCODE-2012-title5/pdf/USCODE-2012-title5-partI-chap5-subchapII-sec552a.pdf]. Accessed May 30, 2014.