Records, Computers and the Rights of Citizens. The Safeguard Requirements


An automated personal data system should operate in conformity with safeguard requirements that, as stated above, should be enacted as part of a code of fair information practice. It is difficult to formulate safeguard requirements that will assure, in every system, an appropriate balance between the interest of the individual in controlling information about himself and all other interests-institutional and societal. However, because the safeguards we recommend are so basic to assuring fairness in personal data record keeping, any particular system, or class of systems, should be exempted from any one of them only for strong and explicitly justified reason.

If organizations maintaining personal data systems are left free to decide for themselves when and to what extent to adhere fully to the safeguard requirements, the aim of establishing by law a basic code of fair information practice will be frustrated. Thus, exemptions from, or modifications of, any of the safeguard requirements should be made only as specifically provided by statute, and there should be no exemption or modification unless a societal interest in allowing it can be shown to be clearly paramount to the interest of individuals in having the requirement imposed. "Societal interest," moreover, should not be construed as equivalent to the convenience or efficiency of organizations that maintain data systems, the preference of a professional group, or the welfare of individual data subjects as defined by system users or operators.

Existing policies that guide the handling of personal data should not be uncritically accepted or reaffirmed. Nor should the basic "least common denominator" quality of the safeguards discourage law-making bodies, or organizations maintaining personal data systems, from providing individuals greater protection than the safeguards offer. Existing laws or regulations that provide protections greater than the safeguards should be retained; those that provide less protection should be amended to meet the standards set by the safeguards.