The strongest argument for the need to keep attention focused on the issue of personal privacy in record keeping is in the facts of record keeping themselves. The facts and the specific recommendations the Commission makes on the basis of its analysis of them are presented in the chapters that follow.
Chapter 2 examines the record keeping policies and practices of credit grantors and the organizations whose records they use to establish and control their consumer credit relationships. Consumer credit is an area in which new services and new record keeping methods have dramatically changed the primary record keeping relationship. As the chapter points out, personal interaction in consumer credit transactions has declined markedly in the last several decades, making recorded information the paramount factor in establishing and maintaining the consumer credit relationship. Chapter 2 ends with a note on the practices of commercial reporting firms and the Commission's recommendations with respect to the records they maintain about individuals.
Chapter 3 explains why the record keeping policies and practices of depository institutions (mainly commercial banks and savings and loan associations) are beginning to pattern themselves on those of credit grantors. Chapter 3 includes the Commission's analysis of the impact of electronic funds transfer systems on personal privacy, an impact with potentially profound significance.
Chapter 4 explores the creation and use of mailing lists. It shows that, contrary to popular belief, names and addresses do not get transferred from one mailing list to another in ways that disclose confidential information about individuals, but that impending changes in the way mailing lists are developed will make it easier for that to happen.
Chapter 5 examines record keeping in the insurance relationship, an area that has been little explored from a privacy protection standpoint. In contrast to the credit and depository relationships, the insurance relation ship may depend in part on information about individuals developed from interviews with neighbors and associates. This difference introduces a special set of privacy protection issues which are also present to some extent in the private sector employee- employer relationship examined in Chapter 6.
Chapter 7 assesses the growing demand on medical care providers for information in the records they maintain on individual patients. The use of medical record information to make nonmedical decisions about individuals is explored in the chapters on insurance and employment, but Chapter 7 is where it is brought into focus. The crux of the problem is that individuals are asked to authorize the disclosure of medical record information about themselves for a variety of purposes, but usually have no way of finding out what is in their medical records and thus must decide to authorize without a proper basis for estimating the consequences such disclosures may have for them.
Chapter 8 examines investigative reporting services in the private sector, weaving threads from earlier chapters into an analysis of why the Commission believes sweeping changes are needed in the record keeping practices of these firms.
Chapter 9 begins the transition from the private to the public sector. It concentrates on threats to personal privacy that stem from two main sources: changes in the way individuals go about their day t oday business, and the tendency of government in recent years to rewrite the rules of the game without letting the other players know. It argues that to wait on the courts to create adequate protections for the individual is to adopt a policy of uncertain outcome and recommends legislation to right the balance between individual liberty and social order that the increase in government's demands for access to records about individuals has upset.
Chapters 10 and 11 address two areas education, and public assistance and social services in which both the Federal government and the States have a policy interest. The past decade has seen important initiatives to safeguard personal privacy from obvious record keeping abuses in both areas. These two chapters evaluate those initiatives in terms of current conditions and emerging trends. Chapter 12 summarizes the State's role in protecting personal privacy as it emerges from the Commission's recommendations in all of the preceding chapters.
With Chapter 13, the report turns to the record keeping practices of Federal government agencies. The Commission decided early in its inquiry that it could not recommend whether the principles and requirements of the Privacy Act should be extended to organizations outside the Federal government without first assessing the Privacy Act's effectiveness in the one area where its principles and requirements have been applied. Chapter 13 reports the results of the assessment and suggests a strategy for amending the Privacy Act as it applies to Federal agencies.
Chapter 14 on the Federal taxpayer relationship responds to a directive from the Congress that the Commission examine and make recommendations with respect to Internal Revenue Service disclosures of information about taxpayers. The Commission issued an interim report on the topic in June of 1976, just prior to passage of the 1976 Tax Reform Act. Chapter 14 compares the pertinent provisions of the 1976 legislation with the recommendations the Commission made at that time, and covers several related issues that were not addressed in the interim report.
Chapter 15 contributes to the continuing debate over the level of protection that should be afforded records about individuals that are intended to be used for research and statistics.
Chapter 16 on the Social Security Number and other assigned identifiers punctuates the Commission's findings and recommendations. While its principal conclusion is that the core problem is the lack of policy on the disclosures record keeping organizations may make of a record about an individual, it recommends that government take no action that would encourage the drift toward using the SSN or anything else as a standard, universal identifier until such policy has been developed and made effective.