The Privacy Act of 1974: An Assessment. APPENDIX 4 TO The Report of The Privacy Protection Study Commission.. Administration, Training, and Compliance Monitoring


Subsection 3(e)(9) of the Privacy Act requires each agency to:

establish rules of conduct for persons involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record, and instruct each such person with respect to such rules and the requirements of [the Act], including any other rules and procedures adopted pursuant to [the Act] and the penalties for noncompliance. [5 U.S.C. 552a(e)(9)]

Otherwise, however, each agency is left free to devise its own arrangements for assuring compliance with the Act's requirements and with its own Privacy Act regulations. A brief look at the experience of a few agencies will show the wide differences this approach has produced.