The Privacy Act of 1974: An Assessment. APPENDIX 4 TO The Report of The Privacy Protection Study Commission.. What Is Covered by the Act


Where the Act fails to meets its objectives, the failure can often be traced, in part, to the record and system-of-records definitions that further limit its scope of application. The Privacy Act applies to a "record" that is "retrieved" from a "system of records" by the name of an individual "or by some identifying number, symbol, or other identifying particular" assigned to him. [5 U.S.C. 552a(a)(5)]

As defined in subsection 3(a)(4), "record" means:
. . . any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph. [5 U.S.C 552a(a)(4)]

This definition potentially includes every record that contains any kind of information associated with an individual. Subsection 3(a)(5), however, defines a "system of records" as:

. . . a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. [5 U.S. C 552a(a)(5)] Thus, unless an agency, in fact, retrieves recorded information by reference to a "name . . . identifying symbol, or other identifying particular. . .," the system in which the information is maintained is not covered by the Act.

Whereas the record definition refers to information about an individu-al that contains his name or identifier; the system-of-records definition refers to information about an individual that is retrieved by name, identifier, or identifying particular. The crucial difference between the two definitions is obvious, and the effect has been to exclude many records from the Act's requirements about individuals that are not accessed by name, identifier, or assigned particular. The Interior Department, for example, files its records on job candidates recommended by Congressmen under the Congressmen's names rather than the names of the applicants,9 and the Maritime Administration (Department of Commerce) files information on directors of shipbuilding firms by shipyard and shipbuilding contract rather than by the directors' names.10 All of these examples, however, are within the strictures of the law.

The system-of-records definition also creates uncertainty as to which records are, or should be, subject to the Act. For example, questions have been raised about the status of the State Department's cable system, which Federal agencies use to transmit information overseas. Because this computerized communications system has the ability to retrieve information in the cables on the basis of personal identifiers, the State Department might be considered to maintain an extensive system of records derived from other agencies' cable traffic. So far, however, there has been no clear determina-tion as to whether the cable system should be considered a State Department system of records or simply a facility for communicating information in records maintained by the user agencies.

In addition, some agencies treat record-keeping systems that techni-cally do not fall under the Act as if they did. The General Services Administration, for example, allows its employees access to merit promotion information, even though such information is filed by vacancy announce-ment number.11 The Interior Department has a system that records the number of ducks that duck hunters shoot each year. This information is neither filed nor retrieved by personal identifier, but because law enforce-ment officials are given, approximately ten times a year, the names of individuals who have reported shooting an endangered species, the Department decided that it would apprise the hunters of the uses that could routinely be made of the information they report.12

A further and extraordinarily important flaw in the system-of-records definition is that it springs from a manual rather than a computer-based model of information processing. In a manual record-keeping system, records are apt to be stored and retrieved by reference to a unique identifier. This, however, is not necessary in a modern computer-based system that permits attribute searches. An attribute search, in contrast to the convention-al "name search," or "index search," starts with a collection of data about many individuals and seeks to identify those particular individuals in the system who meet a set of prescribed conditions or who have a set of prescribed attributes or combination of attributes. For example, officials of the Veterans Administration (VA) testified in the Commission's hearings on medical records that the VA has produced lists of names for another agency by using psychiatric diagnosis, age, and several other personal attributes as the search keys.13

A growing number of computer systems today are also programmed to retrieve information by what is known as the "textual search" process. Briefly, the search program is keyed to "hit" on certain arrangements of characters or items of data as it scans material that has previously been assimilated into the system as raw text; such as reports, letters, or memoranda. It would appear, however, that such a system would not be subject to the Privacy Act because, by the Act's operating definitions, it does not constitute a system of records.

Finally, there appears to be some confusion as to whether all records retrieved by personal identifier should be considered subject to the Act. For example, the Agency for International Development (AID) has taken the position that some systems, such as those listing the weight of an individual's household effects and his official itinerary, should be removed from the Act's purview and has decided that lists already in the public domain, such as telephone lists and biographic registers, will not be treated as Privacy Act systems of records.14 The Department of State made a similar determination with respect to lists of blood donors and parking lot assignments.15