The Privacy Act of 1974: An Assessment. APPENDIX 4 TO The Report of The Privacy Protection Study Commission.. "Records" And "Systems of Records"

01/07/1977

As indicated earlier, the Congress wanted to include in the definition of the term "record2 every agency record that contains any kind of individually identifiable information. Because it was mindful of the burden such a definition could impose on an agency, however, it limited the Act's coverage to records retrieved from "systems of records" by "name . . . or identifying number, symbol, or other identifying particular. . . ." [5 U.S.C. 552a(a)(5)] Thus, unless an agency actually retrieves recorded information by reference to a "name . . . identifying symbol, or other identifying particular . . .," the "system" in which the information is maintained is not covered by the Act. While the term "record" refers to all information about an individual which contains his name or identifier, the term "system of records" applies only to information about an individual which is retrieved by name, identifier, or identifying particular. As explored earlier, the effect of this distinction is wholesale exclusion from the Act's scope of records that are not accessed by name, identifier, or assigned particular. An individual whose record is retrieved by these means cannot avail himself of the protections the Act would otherwise afford him.

There are many examples of readily accessible individually identifiable agency records that are not retrieved by personal identifier, and currently deployed and developing computer and telecommunications technologies appear likely to create more. While the language of the Act speaks in terms of retrieval by discrete individual identifiers, most automated record systems permit identification of an individual (or, more precisely, his record) based on any combination of the individual's attributes or characteristics, natural or assigned, as well as by reference to "individual identifiers" in the more conventional sense. Thus, it would be easy to program a computer to locate particular individuals through "attribute searches."3 Moreover, retrieval of individually identifiable information by scanning (or searching) large volumes of machine-readable text is not only possible but an increasingly frequent practice.

In summary, the "system of records" definition has two limitations. First, it undermines the objective of providing an individual access to the records an agency maintains about him. Second, by serving as the sole activating, or "on/off," switch for the Act's other provisions, it unnecessarily limits the reach of the Act.

In order to reduce the problems raised by the term "system of records" and to better achieve the basic objectives of the law, the Commission believes the Act's definition of "system of records" should be abandoned and its definition of "record" amended. Specifically, the term "record" should be expanded to include attributes and other personal characteristics assigned to an individual, and a new term, "accessible record" [(a)(6)],4 should be introduced to delineate those individually identifiable records that will be available to an individual in response to his request for access to records about himself. This formulation would encompass records which, while not retrieved by an individual identifier, could be retrieved by an agency without an unreasonable burden either through normal retrieval procedures or because the subject could direct the agency to the record's location. If an individual knew he was mentioned in a particular file, for example, he would be entitled to have access to that information whether or not it was the agency's practice to access the record by reference to his name or other identifying particulars. In implementing this provision [(a)(6)(B)], however, an agency should not have to establish any new cross-referencing schemes simply for the purpose of responding to access requests. In this connection, the Commission would also urge deletion of the clause in the current Act [5 U.S.C. 552a(d)(1)] which requires an agency to allow an individual access "to any information pertaining to him which is contained in the system . . . ." This requirement is impossible to satisfy since an agency often does not know how to find all such information. .

The Commission also believes that the terms "record," "individually identifiable record," "accessible record," and "system" should operate as distinct activating, or "on/off," switches for separate provisions of the statute. This would allow more flexibility and broaden the reach of the Act, which currently relies on the "system of records" definition to delineate its scope. For example, in the proposed revision the accessible record definition (controlling access by the individual) is broader than the individually identifiable record definition (controlling the information management requirements) and the system definition (controlling Federal Register publication).

Finally, the Commission suggests a change in subsection 3(m) of the current law which limits its scope by applying its provisions to systems of records maintained by some contractors but not to any maintained by grantees. [5 U.S. C 552a(m)] Agency personnel interviewed by the Commission staff expressed the view that, in many cases, the implicit distinction in the Act between contractors and grantees is artificial. The Commission agrees. Moreover, in Chapter 15 of its final report, the Commission recommends that a uniform set of requirements and safeguards be applied to records collected or maintained in individually identifiable form for a research or statistical purpose under Federal authority or with Federal funds. The Commission further suggests that the Privacy Act be the basic vehicle for implementing these recommendations. [(a)(5), (d)(14), (g), and (m)]

The rest of this chapter is a commentary on the provisions of the illustrative statute in the order in which they are presented in Appendix B.