Legislative policy setting is, however, complicated by the fact that privacy issues usually occur as ancillary parts of legislation addressing other subjects. The data gathering and research sections of the proposed family assistance plan are an example. It is also the legislature's duty to set the rules for confidentiality requirements to guide the executive in its execution of the law. The census statutes are a clear example of one approach. Out of the controversy and debate over public policies, several principles are increasingly accepted. When Government or private industry places personal data on file, the individual should enjoy maximum access to records containing the information about himself. He should have the right to read and check the accuracy and completeness of the record, particularly when it is used to determine rights, benefits, or opportunities. He should have the right to contest the record in an appropriate proceeding. When information is collected from an individual for a given purpose, the use should be confined to that purpose. If the collector wishes to use the information for an additional purpose, he should make that clear originally or obtain consent later for the new use. The relevance of specific items of personal information should be established, or the items should be deleted from the file. The indiscriminate transfer of information on individuals from one organization to another should be prohibited. SAFEGUARDS FOR PRIVATE INFORMATION AND COMMUNICATIONS SYSTEMS Once the requirements for confidentiality have been established, the safeguards for private information can be identified. Our member companies, other industrial firms, concerned Government agencies, and academic researchers have been working actively in this area. Consideration must be given to the entire security environment if effective protection is to be established. Traditional sound and prudent business practices should apply for manual or computer recordkeeping. These include such basic and necessary items as physical security, appropriate personnel programs and guidelines, separation of responsibilities, provisions for checks and balances, accountability, and appropriate audit procedures. Our members and others recommend a variety of safeguards. They have helped work out procedural techniques for improving confidentiality; increased awareness and provided education for users so they may apply appropriate safeguards. They are continuing to study data security under the user's operating conditions, with the aim of developing still more devices and techniques; providing Government with technical counsel; taking part in professional forums, as well as in academic and sociological discussions, aimed at better understanding of the issues and problems. DATA SECURITY IN PRACTICE However, the computer manufacturers' most direct contributions are in the development of safeguards that can be built into the computer system itself. Often these have been designed for systems serving terminals located far from the computer room. In some such systems, the authorized user is given a password or number, known to him alone, which he can type into the terminal. In other systems the terminals are activated by special keys or badges, or a combination of these approaches. To assure greater confidentiality, some computer systems have the ability to restrict a user's access. The user's security clearances and restrictions may allow him access to certain files only, or certain records, or possibly only parts of records. In this case the computer system offers greater security than a manual filing system. When a user gains access to a manual file cabinet, he cannot readily be restricted to selected manila folders or to a portion of the information in a single folder. Access to the cabinet generally provides access to all the folders and all the information inside each. A computer system also can be programed to audit operations to detect attempted violations. The system can record all unauthorized requests in a log, so that appropriate action can be taken. Beyond the safeguard capabilities built into the computer system itself, basic data security is provided by traditional protective measures. In the installation location this includes locked computer rooms, identification cards, fire and theft protection, and the employment of trustworthy personnel, particularly programers and machine room operators. 29-625 (Pt. 3) O 74 - 10 For some systems, physical protection and businesslike procedures make the major contribution to security. Professor Westin observes in his report for the National Academy of Sciences which was based on actual case studies that the basic physical and administrative safeguards are judged by their own managements to be inadequately employed in many of the organizations surveyed.1 It should be recognized that with the large number and variety of types of computers in government and because of the complexity and scope of installed applications, each user has to review the available alternatives with their costbenefit tradeoffs and determine the appropriate safeguards to meet his specific needs. EXTENT OF PUBLIC ACCESS TO INFORMATION IN FEDERAL SYSTEMS The security measures discussed above as well as other matters currently under investigation by the Congress raise the issue of the extent of public access to information held by government. This issue is of particular importance to this committee due to its responsibility for the Freedom of Information Act. It is ironic that at the time of enactment of the FOIA in 1967, we were witnessing the first stirring of the concern with individual privacy which has brought us here today. As we see it, the FOIA was aimed at bringing to public view the decisionmaking process of the government. As we have seen, it can be used to endanger the privacy of citizens in their transactions with the government. There are few clear instances of the balancing needed to protect our privacy while maximizing the effective operation of our government. Speaking of balancing needs, we think the diversity of proposed legislation on the privacy issue should be looked at. Dr. Ruth Davis, at the November NES symposium, recognized this problem. She stated: "In 1973, some 70 bills concerned with protection of individual privacy were pending in the 50 State legislatures. Passage of any significant number of these bills, along with passage of some of the bills introduced into Congress could easily result in an unacceptable morass of conflicting requirements on service industries, technology, and regulatory or judicial organizations. Some national coherence must exist for any realism to be present in arriving at security in automation adequate to protect individual privacy." The proliferation of bills being introduced points up the need for a clear understanding of the benefits versus the cost trade-offs to be obtained. All interested parties the government, user organizations, manufacturers, and other concerned organizations and individuals need to examine, study, and understand this subject. Those concerned with privacy, should recognize that more sensitive information exists in manual files, therefore, legislation should consider both manual and automated records since negative information is just as damaging whether it is obtained from a computer or a manila folder. It is CBEMA's belief that if the collection of information and use of informa tion processing techniques are given sufficient consideration they will prove to be a benefit for the individual and for society. A balance is needed to insure that individual rights are protected while at the same time the general benefits to society that are made possible through the use of modern technology are not curtailed. We believe that a proper balance in each of these areas is both essential and achievable. We applaud the important work of this subcommittee in its focusing public attention upon the social and legal problems involved in today's information gathering activities. We offer our cooperation to any group engaged in the responsible inquiry into the balance between the rights and needs of the individual and those of society. Mr. Chairman, I will be glad to answer any questions you may have. 1 "Databanks in a Free Society," National Academy of Sciences, A. Westin, M. Baker. Quadrangle Press, 1972, pp. 455-456. CBEMA/DPG The content of this statement has been reviewed within CBEMA/DPG and its member companies as listed below. It is submitted as a general consensus of the member companies who have participated in its preparation. This has been accomplished even though in some areas these participants have diverse business interests, based upon particular products and markets they have developed or are developing, and the services they now offer or plan for the future, and would not have precisely the same position on all of the matters covered. Participating companies may also be submitting individual statement sin these hearings. In this matter they will be in a position to emphasize areas of their particular interest and policy considerations that they believe to be of particular importance. Action Communications Systems. Addressograph Multigraph Corp. Control Data Corp. Digital Equipment Corp. General Electric Co., Communication Systems Division. Honeywell Information Systems, Inc. |