Records, Computers and the Rights of Citizens. Recommendations for Statistical Reporting and Research Systems

07/01/1973

In Chapter IV, we have recommended enactment of legislation establishing a code of fair information practice for all automated personal data systems. All the features of that code would apply to systems used exclusively for statistical reporting and research. Thesafeguard requirements to be included in the code for such systems are set forth below. They are designed to help protect the individual citizen against unintended or unforeseen uses of information he provides exclusively for statistical reporting and research, and to help assure that the uses organizations make of statistical-reporting and research data are subjected to independent expert review and open public discussion. Pending the enactment of a code of fair information practice as outlined in Chapter IV, we recommend that all Federal agencies (i) apply the safeguard requirements, by administrative action, to all Federal statistical-reporting and research systems, and (ii) assure, through formal rule making, that the safeguard requirements are applied to all systems within reach of the Federal government's authority. Pending the enactment of a code of fair information practice, we also urge that State and local governments, the institutions within reach of their authority, and all private organizations adopt the safeguard requirements by whatever means are appropriate.

In addition, we recommend that all personal data in systems used exclusively for statistical reporting and research be protected by statute from compulsory disclosure in identifiable form. The safeguard requirements recommended below are premised on the enactment of legislation granting such protection. There is no requirement, for example, guaranteeing data subjects access to the contents of records maintained about them. Theoretically, no such requirement is needed, since statistical-reporting and research data systems are not intended to be used to affect individuals directly; granting individuals access to records that can have no direct consequences for them as individuals would interfere with a system's operations to no useful end. In practice, however, the vulnerability of data in many statistical-reporting and research systems to compulsory disclosure in identifiable form means that for individual data subjects to be adequately protected from unforeseen disclosurers, those data must be afforded immunity from disclosure through compulsory legal process.

The safeguard requirements for statistical-reporting and research systems are modeled closely on the safeguard requirements for administrative systems in Chapter N. Hence explanatory notes are provided only in those cases where a requirement has been modified to fit the special characteristics of statistical-reporting and researchsystems. Where no notes appear following a requirement, the reader should refer to the notes on the corresponding safeguard in Chapter IV.