The Privacy Act of 1974: An Assessment. APPENDIX 4 TO The Report of The Privacy Protection Study Commission.. The Openness Principle

01/07/1977

The Privacy Act asserts that an agency of the Federal government must not be secretive about its personal-data record-keeping policies, practices, and systems. No agency may conceal the existence of any personal-data record-keeping system, and each agency that maintains such a system must describe publicly both the kinds of information in it and the manner in which it will be used. This is accomplished in two ways. The first is through the required annual publication of system notices in the Federal Register. The second is through the "Privacy Act Statement"7 given at the time individually identifiable information is collected from an individual.

The requirements implementing the Openness Principle are intended to achieve two general goals:

(1)   facilitate public scrutiny of Federal agency record-keeping policies, practices, and systems by interested and knowledgeable parties; and

(2)   make the citizen aware of systems in which a record on him is likely to exist.

The Commission has found that the Act has made a significant step toward fulfillment of these objectives, especially the first one, but that it has still fallen short of expectations.

The Commission believes that publishing record-system notices once each year in the Federal Register is worthwhile. It develops an inventory of agency record-keeping operations that is useful for both public scrutiny of Federal agency record-keeping practices and for internal management control. Unfortunately, however, the annual notices tend to be less informative than they could be, and they are not required to describe the extent to which information is used within the agency. Furthermore, the Act is silent on the distinction between a system and a subsystem, and there are no criteria for limiting the diversity of information, purposes, or functions that may be incorporated in any one record system, and thus subsumed in one annual Federal Register notice. As a result, some annual notices are too encompassing to be informative. Likewise, duplicate, substantially similar, or derivative systems are frequently either unlisted or not cross-referenced. The Commission believes that the primary purpose of the public notice requirement should be to facilitate internal and external oversight of agency activities, including public scrutiny. Thus, it believes that the annual notices should provide more detail than they now do and should reflect more accurately the context or manner in which an agency maintains records.

One of the specific shortcomings of the system notices has been the literal interpretation of the requirement to describe the routine uses. While limiting these descriptions to external uses is consistent with the prevailing interpretation of the Act's routine-use definition, in many cases, the more significant uses are internal ones. Therefore, the Commission believes that the section in the annual notice on routine uses of records maintained in a system, including categories of uses and the purposes of such uses, should include a description of internal uses of information as well as external disclosures.

Describing the context and manner in which an agency uses the records in a system would at least partially reveal the relationships among systems that are often obscured today. When a large, complex record system is covered by one system notice, the subsystems should be described in detail. The important concern should not be to define the level at which a subsystem must be described, or the way to describe indices, but rather that an agency present a true picture of how it uses information in a system and how the system itself is perceived by the agency. The goal should be to remain faithful to the Openness Principle by assuring that there are no secret systems. The possibility that an agency may comply with the technical requirements of the Act's notice provisions but still maintain systems that are effectively secret must be avoided.

The goal of facilitating public scrutiny is hindered by the fact that the Federal Register is at best a limited vehicle for reaching the general public. Every effort should be made to classify, compile, and index the information in notices logically. For example, it would be useful to differentiate between the large group of systems that are solely devoted to record keeping about agency personnel and the much smaller group that contains information on citizens in general. The Federal Register compilation should make it easy for a private citizen, a member of a public interest group, or a congressional staff member to pinpoint a particular type of record or system of records.

Given the limited readership of the Federal Register, however, the best way of making the citizen aware of systems in which he is included is through the "Privacy Act Statement," which is similar to the annual system notice, except that it also informs the individual of internal agency uses of information about him. Like the annual notices, however, Privacy Act Statements are often too vague or general to inform the individual adequately. They need not explain that supplementary information may be collected from other sources and not every agency or system is subject to the Statement requirement.

There is a problem in finding a balance between the length of a Privacy Act Statement and its clarity; if it is too long, individuals are not likely to read it; if it is too short, it may not convey enough information for the individual to understand fully how the information will be used. The contents of the Privacy Act Statement are discussed in the section on the Collection Limitation Principle.