The Privacy Act of 1974: An Assessment. APPENDIX 4 TO The Report of The Privacy Protection Study Commission.. Chapter 4. Revision of the Privacy Act of 1974.

01/07/1977

In seeking remedies for the Privacy Act's current weaknesses, the Commission found it useful to draft an illustrative revision of the Act as a means of testing the feasibility of various alternatives. The product of this drafting exercise, which itself involved many revisions, is being made available as Appendix B of this volume.1 The Commission does not pretend that its suggested changes in the language of the Act are the only ones that will correct the Act's deficiencies. However, it does believe that its illustrative language shows how the problems that its assessment of the Act uncovered could be overcome by redrafting.

The Commission's assessment of the Privacy Act of 1974 led it to three general conclusions:

(1)   The Privacy Act represents a large step forward, but it has not resulted in the general benefits to the public that either its legislative history or the prevailing opinion as to its accomplishments would lead one to expect;

(2)   Agency compliance with the Act is difficult to assess because of the ambiguity of some of the Act's requirements, but, on balance, it appears to be neither deplorable nor exemplary; and ;

(3)   The Act ignores or only marginally addresses some personaldata record-keeping policy issues of major importance now and for the future.

With these conclusions in mind, the Commission's illustrative revision of the Act strives to clarify it by changing its structure and reconceptualizing specific sections. The revision also concentrates on articulating policyobjectives rather than on specifying details of implementation, since one goal of the revision is to allow the Act's policy objectives to be achieved without destroying the flexibility an administrator clearly must have inimplementing it.

Finally, it should be noted that, even though the Commission's approach continues the one taken in the current law, it permits adaptation to changes in information technology while at the same time recognizing that there are some information policy issues an agency cannot, and often should not, resolve by itself. The most obvious is the question of whether a particular record-keeping system should exist at all. Answering such a question requires independent judgment of the sort that the Commission believes would be best provided by the independent entity recommended in Chapter 1 of its final report. The pressures on agencies to collect increasing amounts of information for an increasing number of purposes are too great to allow them to continue to establish information systems without more of a check on their judgment than either the current Privacy Act or one that incorporates the Commission's suggested changes could reasonably be expected to sustain.

The changes in the Privacy Act that the Commission suggests are focused on three basic objectives:

  • To clarify ambiguous language in the law in order to minimize variation in interpreting it;
  • To incorporate "reasonableness" tests to allow flexibility in implementation and thus give the agencies incentives to take account of differences between manual and automated record-keeping, diverse agency record-keeping requirements, and future technological developments; and
  • To substitute for the Act's current reliance on the "system of records" definition as the sole basis for activating all of its requirements an approach that activates specific requirements as warranted.

The ways in which the first two objectives have been met will become apparent as specific portions of the Commission's substitute language are explained. The third objective, however, should be discussed at this point since it is central to the Commission's entire drafting strategy.