In 1972, the Secretary of the Department of Health, Education, and Welfare appointed a federal advisory committee to examine the growth of automated record keeping in the United States. The federal Advisory Committee on Automated Personal Data Systems (the Advisory Committee) concluded that an individual should have a right "to participate in a meaningful way in decisions about what goes in records about him and how that information shall be used."1 The Advisory Committee first identified certain "fundamental principles" applicable to the recording, disclosure, and use of identifiable personal information. Agreed upon procedures for ensuring an individual's right to participate -- called "fair information practices," were derived from these fundamental principles.2 Subsequently, Congress created the Privacy Protection Study Commission to analyze and make recommendations for reform of information practices in the public and private sector.3
Other nations confronted similar issues during this period, and, in 1981, the Organization for Economic Cooperation and Development (OECD) issued Guidelines for the protection of Privacy and Transborder Flows of Personal Data (the OECD Guidelines),4 a voluntary, international standard of conduct applicable to personal data generally. The OECD Guidelines reflect the international consensus that existed about information privacy on the eve of the personal computer revolution, setting out eight basic privacy principles that remain applicable to data collection today: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.5 The U.S. government has endorsed these guidelines as have a number of U.S. businesses.
Rapid advances in computer technology, coupled with the integration of telecommunications and data processing, occurred in the years following the Advisory Committee report, the Privacy Commission report, and the promulgation of the OECD Guidelines. These advances dramatically altered the way information about individuals is obtained and used by the government and private industry. In the United States, commentators continued to express concern about the federal government's accumulation and use of data. By 1990, according to General Accounting Office reports, computers and advanced technologies, such as computer networking, were used widely throughout the federal government.6 Federal agencies both obtained information from and shared information with third parties, including state and local agencies and the private sector.7
1. Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens 41 (1973).
2. Id. at 40.
3. The Privacy Protection Study Commission was created by the Privacy Act of 1974, Pub. Law. No. 93-579, 5 U.S.C. § 552a (1994). The Commission issued its report, including over 160 recommendations, in 1977. See Privacy Protection Study Commission, Personal Privacy in an Information Society (1977).
4. Organization for Economic Cooperation & Development, Guidelines for the Protections of Privacy and Transborder Flow of Personal Data, OECD Doc. No. C(80)58 (1981).
6. See General Accounting Office, Computers and Privacy: How the Government Obtains, Verifies, Uses, and Protects Personal Data, GAO/IMTEC-90-70BR (1990).