The Privacy Act of 1974: An Assessment. APPENDIX 4 TO The Report of The Privacy Protection Study Commission. Definitions

01/07/1977

The definitions in Appendix B retain or modify those in the current law in the following ways:

Agency. The definition of the term "agency" [(a)(1)] does not differ from the one in the current law. [5 U.S.C. 552a(a)(1)] Its potential for undermining the Act's restrictions on disclosures to third parties has, however, been stemmed by including intra-agency disclosures in the routine-use definition. [(a)(9)] A large Cabinet Department with many different programs would no longer be permitted to transfer information about individuals among its various components without revealing that it does so.

Individual. The term "individual" [(a)(2)] is also identical to the one currently in the Privacy Act. [5 U.S.C. 552a(a)(2)]

Record. The Commission considered abandoning the term "record" in favor of the term "personal information," but rejected the idea for three reasons. First, its expanded definition of a "record" includes everything that could be considered "personal information." Second, there is an important body of court decisions arising from the use of the term "record" in the Freedom of Information Act, which has served to clarify its meaning. Third, if an agency were required to grant access to "personal information" rather than to a "record," it might arguably be able to satisfy the requirements of the law by summarizing the information in its files in lieu of giving the individual the information in the form in which it is actually stored, used, or disclosed.

The "record" definition in Appendix B retains the language of the current law [5 U.S.C. 552a(a)(4)], but expands it by including "attributes, affiliations, or characteristics associated with, or assigned to, the individual."[(a)(3)] This change broadens the term to encompass all types of information used to identify an individual and thus would include information used to search a file for the names of individuals whose qualifications match a particular job description or who have a propensity to engage in certain activities, such as violations of law.

Individually Identifiable Record. This is a new term [(a)(4)] and is defined as "a record which could be reasonably expected to identify the individual or individuals to whom it pertains." It includes "individuals" to allow for situations in which a record refers to more than one individual, such as would be the case when a social service record is maintained on a family unit.

Research or Statistical Record. Although the definition of this term [(a)(5)] resembles the definition of a "statistical record" in the current law [5 U.S.C. 552a(a)(6)], it is more precise. It specifically refers to an individually identifiable record "collected or maintained by a Federal agency or pursuant to a Federal research contract or grant, or a subcontract thereof, for a research or statistical purpose only," and makes clear that the implicit prohibition against using such a record "to make any decision or to take any action directly affecting the individual to whom the record pertains," does not include a decision made "within the context of the research plan or protocol." The reference to "section 8 of title 13" continues the current exception for census records that are disclosed to the individuals to whom they pertain for the purpose of establishing their eligibility for Medicare benefits.

Accessible Record. This, too, is a new term. [(a)(6)] Its practical effect is to broaden the individual's right of access to include an individually identifiable record which is:

(A)   systematically filed, stored, or otherwise maintained according to some established retrieval scheme or indexing structure and which is, in practice, accessed by use of, or reference to, such retrieval scheme or indexing structure for the principal purpose of retrieving the record, or any portion thereof, on the basis of the identity of, or so as to identify, an individual, or

(B)   otherwise readily accessible because:

(i)   the agency is able to access the record without an unreasonable expenditure of time, money, effort, or other resources, or

(ii)   the individual to whom the record pertains is able to provide sufficiently specific locating information so as to render the record accessible by the agency without an unreasonable expenditure of time, money, effort, or other resources.

This definition and the term "system" [(a)(7)] replace the term "system of records" in the current law. [5 U.S.C. 552a(a)(5)] When an individual seeks access to information about himself which is in an agency's possession, he wants all of the accessible information relevant to his request. However, the "system of records" definition now in the Act clearly frustrates that objective by limiting the individual's right of access to records which an agency, in fact, retrieves by reference to his name or some other identifying particular assigned to him.

The first paragraph of the new definition [(a)(6)(A)] restates and slightly broadens the increasingly popular notion of systematically stored and retrieved information, attempting to codify a concept that mirrors prevailing practice. The only significant expansion is the deliberate use of the term "retrieval scheme." This would include a keyword (or other character-pattern) search of machine-readable or computerized textual information. Paragraph (a)(6)(A), however, refers only to an agency's actual practice. If the agency does not use or retrieve the information by a retrieval scheme, it would not apply, and the principal-purpose test further narrows the scope of the definition.

The second paragraph [(a)(6)(B)], on the other hand, introduces the concept of "readily accessible." While subparagraphs (a)(6)(B)(i) and (B)(ii) attempt as clear a definition as possible of this concept, there is no way to avoid some potential for varying interpretations. One of the flaws of the current law is that it defines too precisely the information which should be readily accessible. A common problem with any attempt at precision in this context is that it can be easily circumvented, and particularly where modern computer technology is involved. Thus, the Commission suggests a flexible test for determining accessibility: namely, the amount of time, money, effort, or other resources (e.g., computer processing) the agency would have to spend to make the information accessible.

Basically, the "accessible record" definition embodies the notion that information should be made available to the individual unless retrieval would impose an unreasonable burden on the agency or unless there is an overriding policy reason for not making it available, such as the protection of national security. In theory, all computerized information is accessible, but to require agencies to give an individual access to any information about him that is theoretically accessible would be prohibitively costly. If, however, an agency that has organized its employee files by duty station, for example, has the capability to retrieve them by reference to name or Social Security number and can do so without undue effort or cost, then the information in the files ought to be available to the individuals to whom it pertains. The test of undue effort or cost will, of course, vary with the circumstances, the technology, and the times, but, allowing the test to vary will help to assure that the individual's ability to gain access to information about himself will keep pace with changes and improvements in the agencies' capacity to retrieve and use it.

Likewise, if the subject individual can provide locating information that is specific enough to render a record accessible without an unreasonable expenditure of time and effort, then the agency should provide it. If John Doe knows that there is a reference to him in a file labeled "XYZ Docket," for example, then it is not unreasonable for the agency to give him access to it, although it would be unreasonable (and probably undesirable) to expect an agency to develop a filing or indexing scheme just so it would know in advance that there was information about John Doe in Docket XYZ if he made a general request for access to records about himself. To multiply the opportunities to misuse records about individuals by encouraging agencies to develop elaborate cross-referencing schemes in the interest of complying with the fair information practice requirements would be ironic, indeed, and the Commission's suggested definition of an accessible record is not intended to do so.

System or Subsystem. The term "information system" is an artificial construct which helps people visualize collections of records. Information systems may be functional, such as a "payroll system," or physical, such as a "record system" contained in a particular file cabinet. Moreover, there may be systems within systems, such as the tax withholding subsystem of a payroll system.

The manual model of an information system made up of physically discrete subsystems is being rendered obsolete by computer technology. For example, computer software can present a user with the illusion of different subsystems, which, in fact, do not exist physically as discrete units.5 There are circumstances in which the concept of a physically discrete system is useful, but increasingly it only complicates matters needlessly.

The Commission suggests defining a system or subsystem as:

any collection or grouping of accessible records [that are] systematically filed, stored, or otherwise maintained according to some established retrieval scheme or indexing structure and which is, in practice, accessed by use of, or reference to, such retrieval scheme or indexing structure for the principal purpose of retrieving the record, or any portion thereof, on the basis of the identity of, or so as to identify, an individual or individuals. [(a)(7)]

Moreover, the illustrative statute relies on this concept of an information system only as it is useful for facilitating public scrutiny and management accountability; that is, in combination with the requirement in subsection (h) that an agency describe its collections of individually identifiable records which are maintained according to a pre-established retrieval scheme, and its information practices with respect to those collections of records.

Maintain. The definition the Commission suggests [(a)(8)] adds "obtain, possess, process, or disclose" to the current law's "collect, maintain, use, and disseminate." [5 U.S.C. 552a(a)(3)] The revised definition would require a custodial agency to accept some responsibility for the accuracy of information it received from another agency and also permit it to honor the individual's right of access to such information. In addition, it would require an agency to publish system notices on the records in its possession that are technically under the control of another agency. An agency's personnel records, for example, are technically under the control of the Civil Service Commission, even though the agency has physical possession of them.

Routine Use. The suggested definition augments the current one by requiring not only that the use of a record be "compatible with the purposes for which it was collected" [5 U.S.C. 552a(a)(7)], but also that it be "consistent with the conditions or reasonable expectations of use and disclosure under which the information in the record was provided, collected, or obtained." [(a)(9)] In addition, the revised formulation would explicitly require that internal, as well as external, agency disclosures of information be governed by the revised subsection on "Limitations on Disclosure." [(d)(3)]

The Commission found that the routine-use provisions in the current law, although designed as a safety valve, have had unintended effects. The compatible-purpose test has been applied loosely and exclusively from the agency's point of view. Furthermore, because the Privacy Act incorporates the Freedom of Information Act definition of an "agency," the routine-use provisions have had almost no effect on "internal" disclosures among the components of large agencies that operate many different types of programs.

Collateral Use. The term "collateral use" [(a)(10)] has been added by the Commission to encompass disclosures which are not compatible with the purposes for which the information was collected but which are specifically authorized by statute. To qualify as a collateral use, any such disclosure would have to be pursuant to a statute enacted after January 1, 1975 which establishes specific criteria for use or disclosure of specific types of information. Examples might include the statutory authorization for transferring information between Federal and State agencies to assist in determining an individual's eligibility for disability benefits, and the Tax Reform Act of 1976 which authorizes certain disclosures of tax return information which are not compatible with the purpose for which the information was collected.

Because the collateral-use concept presupposes direct, and probably increasing, Congressional involvement in information policy decisions, it should help to keep the relationship between the Privacy Act and other information policy legislation in clear focus. The current law and its legislative history are silent on whether the Act was intended to supersede preexisting statutes authorizing uses or disclosures of information that do not meet the compatible-purpose test. The OMB Guidelines6 take the position that preexisting statutes which permit less disclosure to third parties than the Privacy Act allows were not superseded, but there was no basis for concluding that the many sections of the U.S. Code that authorize or require the disclosure of information about individuals to third parties were. Adding the concept of collateral use will assure that in the future the Congress' attention will be drawn to statutorily authorized uses and disclosures that do not meet the compatible-purpose test and also, by virtue of the January 1, 1975 cut-off date, will precipitate a reconsideration of sections of the U.S. Code that do not meet the test today.