We were not charged with developing criteria for determining when and for what purposes to establish personal data systems. It is doubtful that any such criteria are feasible or warranted. Our inquiry, however, has prompted us to make cautionary observations to those who must decide whether, when, and how to establish automated personal data systems.
The general proposition that records and record-keeping systems are desirable and useful does not necessarily apply to every system. Some data systems appear to serve no clearly defined purpose; some appear to be overly ambitious in scale; others are poorly designed; and still others contain inaccurate data.
Each time a new personal data system is proposed (or expansion of an existing system is contemplated) those responsible for the activity the system will serve, as well as those specifically charged with designing and implementing the system, should answer explicitly such questions as:
What purposes will be served by the system and the data to be collected?
How might the same purposes be accomplished without collecting these data?
If the system is an administrative personal data system, are the proposed data items limited to those necessary for making required administrative decisions about individuals as individuals?
Is it necessary to store individually identifiable personal data in computer-accessible form, and, if so, how much?
Is the length of time proposed for retaining the data in identifiable form warranted by their anticipated uses?
A careful consideration of questions such as these might avert the establishment of some systems. Even if a proposed system survives a searching examination of the need for it, the very process should at least suggest limitations on the collection and storage of data.
Formalized administrative procedures and requirements should be followed to assure that questions about the purposes, scope, and utility of systems are raised and confronted before systems are established or enlarged. Members of the public should also have an opportunity to comment on systems before they are created.
It is especially important that such procedures be followed whenever data collection requirements, imposed by any Federal department or agency on States, other grantees, or regulated organizations, are likely to result in the creation or enlargement of personal data systems. In our view, any such data collection requirement should be established by regulations adopted after the public has been given an opportunity to comment, rather than by less formal means, such as program guidelines or manuals. Adoption of a regulation also forces a Federal agency to go through a formal process of internal justification and executive review. In the case of Federal data-collection requirements, the notice of any proposed regulation should contain a clear explanation of why each item of data is to be collected and why it must be collected and stored in identifiable form, if such is proposed.