Personal Privacy in an Information Society. Endnotes


1 Section 5(b)(1l) of Public Law 93-579.

2 The detailed results of this inquiry will be presented in a separately published appendix volume that will also contain an illustrative statute showing how the Commission's suggestions might appear as legislative requirements.

3 Letter from Hon. Bert Lance, Director, Office of Management and Budget, to Senator Abraham A. Ribicoff, Chairman, Committee on Governmental Affairs, United States Senate, March, 1977, including a report on Costs of Implementing the Privacy Act of 1974, p. 5.

4 DHEW Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens, (Washington: U.S. Government Printing Office, 1973), p. 41.

5 This identification of eight principles results from Commission analysis, not a specific Congressional statement.

6 The Act defines a "record" as "any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph." [5 U.S.C. 552a(a)(4)]

7Two examples will illustrate the extremes of agency implementation of the "system of records" provision. A small component of one agency rearranged its personnel records by Civil Service grade, instead of individual identifier, in order to avoid the Act's requirements. The Department of the Navy, on the other hand, elected to bring a file of interview records under the Act even though they were filed (and hence retrieved) by the date of the interview.

8An "attribute search," contrary to the more common "name search," or "index search," starts with a collection of data about many individuals and seeks to identify those particular individuals in the system who meet the prescribed conditions or who have the prescribed attributes.

9 The "Privacy Act Statement" contains the authority for the solicitation of the information, the principal purposes for which it will be used, its "routine uses," and the effect on the individual of not providing the information. [5 U.S.C. 552a(e)(3)]

10 5 U.S.C. 552(b)(15)

115 U.S.C. 552(b)(6)

12 Office of Management and Budget, Privacy Act Guidelines, issued as a supplement to Circular A-108, Federal Register, Volume 40, Number 132, July 9, 1975, pp. 28948 - 28978.

13 5 U.S.C. 552a(j).

14 5 U.S.C. 552a(e)(1).

15 5 U.S.C. 552a(e)(2).

16 5 U.S.C. 552a(e)(3).

17 Section 7 of Public Law 93-579.

18 5 U.S.C. 552a(e)(7).

19Office of Management and Budget, Circular A-108, op. cit., p. 28953.

20 Federal Register, Volume 4 l, Number 181, September 16, 1976, p. 40015.

21 Office of Management and Budget, Implementation of the Privacy Act of ]974, Supplementary Guidance, Federal Register, Volume 40, Number 234, December 4, 1975, pp. 56741-56743.

22 5 U.S.C. 552a(b)(2).

23 5 U.S.C. 552(b)(6).

24 5 U.S.C. 552a(e)(1).

25 5 U.S.C. 552a(e)(3).

26 5 U.S.C. 552a(e)(4).

27 5 U.S.C. 552a(e)(5).

28 5 U.S.C.. 552a(c)(2).

29 5 U.S.C. 552a(e)(10).

30 Written statement of the Bureau of Health Insurance, Social Security Administration, Medical Records, Hearings before the Privacy Protection Study Commission, July 20, 1976, p. 11.

31 National Bureau of Standards, Guidelines for Automatic Data Processing Physical Security and Risk Management, June, 1974.

32 National Bureau of Standards, Computer Security Guidelines for Implementing the Privacy Act, May 30, 1975.

33 5 U.S.C. 552a(i).

34 Letter from Hon. Bert Lance to Senator Ribicoff, op. cit.

35 As of December 21, 1975, there were 6,723 systems of records of varying size containing 3.8 billion records about individuals which had been declared.

36 Letter from Hon. Bert Lance to Senator Ribicoff, op. cit.

37Federal Register, Volume 8, Number 237, November 30, 1943. This order provides that whenever a head of a Federal agency "finds it advisable to establish a new system of permanent account numbers pertaining to individual persons, [he] shall utilize exclusively the Social Security Act account numbers . . ." This was ordered "in the interest of economy and orderly administration." (See Chapter 16 for a more detailed discussion of this topic.)

38 Between April 1971 and February 1974 the FBI monitored requests for information in the NCIC made by State and local government agencies. The monitoring was conducted on behalf of the Department of Justice and other agencies of the Federal Government. The monitoring involved flagging the names of persons in whom the Federal agencies had some interest, including 4,700 who had no criminal record. In other words, any inquiry by a State or local government agency that included a flagged name was automatically noted and recorded for later examination by Federal agents. See letter of July 18, 1975, from Hon. John V. Tunney, U.S. Senator, to Hon. Harold Tyler, Deputy U.S. Attorney General; letter of August 29, 1975, from Hon. Harold Tyler to Hon. John V. Tunney.