Personal Privacy in an Information Society. The Relationship Between Citizen and Government: The Privacy Act of 1974


The Privacy Protection Study Commission was given the broad mandate to investigate the personal-data record-keeping practices of governmental, regional, and private organizations and to recommend to the President and the Congress the extent, if any, to which the principles and requirements of the Act should be applied to them.1 Early in its inquiry, the Commission decided that to fulfill this mandate an assessment of the Privacy Act itself, its underlying philosophy, and the experience of Federal agencies to date in complying with it would be necessary. This chapter reports the results of that assessment. In so doing, it responds to the Commission's mandate directing it to:

report on such other legislative recommendations as it may determine to be necessary to protect the privacy of individuals while meeting the legitimate needs of government and society for information. [Section 5(b)(2) of Public Law 93-579]

As the preceding chapters demonstrate, the Commission has concluded that the Privacy Act should not be extended in its present form to organizations outside the Federal government. This conclusion is based on several considerations. First, economic incentives can be used to induce organizations in the private sector to limit their acquisition and retention of information about individuals much more easily than they can be used in government. Private-sector organizations can be moved to protect their customers' privacy interests if their customers know and understand their record-keeping practices and use the competition of the marketplace as an ally in securing compliance with privacy protection safeguards. In addition, a private-sector organization's legal liability for violation of certain individual rights compels attention to fair practices and procedures in carrying out privacy protection safeguards even at the lowest levels. A mistake that costs a company money can cost the responsible employee his job. In government organizations, however, such incentives are much more tenuous, as the discussion later in this chapter will indicate.

A second consideration that argues for distinguishing private organi-zations from governmental ones is the high degree of uniformity, particularly of Federal government administrative processes and practices, in contrast to the diversity of similar practices found at other levels of government and throughout the private sector. The standards of government operation outlined in the Administrative Procedures Act [5 U.S.C. 551 et seq..] apply to all but the most limited of Federal agency activities. No parallel exists in the private sector.

The third consideration that led the Commission to reject wholesale, uniform application of the Privacy Act to other than Federal government agencies is related to the second; uniform and specific Federal requirements imposed on all private-sector record keepers and other governmental ones would inevitably require broad-based regulation, giving government an unprecedented role in channeling and monitoring flows of information throughout all of society. While the Commission recognizes that govern-ment intervention in some areas of record keeping may not be avoidable, it strongly believes that the safeguards for personal privacy it seeks to establish and preserve require and, in fact, demand that such intervention be limited and controlled.

A fourth reason for concluding that the Privacy Act should not be extended to organizations outside the Federal government is the recognition that some of the requirements imposed by the Privacy Act on Federal agencies simply do not, or cannot, apply to private-sector organizations. For example, the restriction the Privacy Act places on the collection of information on an individual's exercise of his First Amendment rights would be ill-considered, and perhaps unconstitutional, if it were to be applied to all private-sector organizations without limitation.

Finally, the Commission has reached the conclusion that the Privacy Act needs significant modification and change if it is to accomplish its objectives within the Federal government. Much of this chapter supports that conclusion.

All of these arguments persuaded the Commission that it should not recommend omnibus legislation to extend the Privacy Act to other levels of government or to the private sector. The Commission further observes that even within the Federal government different requirements apply to some records about individuals. While the Privacy Act establishes minimum requirements for the keeping of records about individuals, other statutes set out additional ones directed at records maintained by particular agencies or used to perform particular functions.

The prohibitions on the disclosure of individual tax returns in the Tax Reform Act of 1976 are one example of such legislation. The rationale for these additional requirements recognizes that in government information about individuals is often acquired and recorded under different circum-stances by different agencies. While every individual has a basic relationship with government that demands a minimum set of protections against abuse of the records government keeps about him, in specific circumstances the individual is entitled to a higher threshold of protection. This is particularly true in relation to standards limiting disclosure. The information a citizen gives to the revenue system, for example, because he is forced to do so under the threat of criminal sanctions, deserves more than minimum protections.

The Commission, as further discussed in Chapter 14, encourages the Congress to enact specifically targeted legislation in areas where the amount of detail in the records, the manner in which they are obtained, or the nature of the agency mission involved, warrant special safeguards.