purposes for which the number is required to be obtained or recorded; or in aid of research activities whose design incorporates rigid safeguards to protect the confidentiality of personal data, including the Social Security number [Ch. VIII, pp. 132-134].

(v) to monitor all future legislative proposals dealing with the Social Security number and to recommend actions to be taken by the Secretary to assure that such proposals will be enacted only after full and careful consideration in well advertised hearings that elicit substantial public participation [Ch. VIII, pp. 129-130].

Additional Action

In addition to the steps necessary to put our recommendations into effect, there are some further steps the Department can take to assure that the goals of the recommendations are fully achieved. These include:

• Communicating opposition to any proposal for the adoption of any nationwide, standard, personal identification format, with or without the SSN, that would enhance the likelihood of arbitrary or uncontrolled linkage of records about people, particularly between government or government-supported automated personal data systems;

• Making comments on proposed Federal legislation having implications for personal privacy in record keeping which will seek to assure incorporation in such legislation of safeguard requirements of the kind recommended in this report for all automated personal data systems;

• Encouraging attention in all forms of educational activity to the individual citizen's stake in his personal privacy, to the practical exercise of his rights with respect to the records maintained about him, and to the social impact of computerbased record-keeping systems;

• Supporting research on the use and impact of computerbased record-keeping systems in such areas as education,

health services delivery, public assistance, juvenile delinquency prevention, and community mental health;

• Encouraging the development of standards of ethical behavior and professional competence for data-processing personnel;

• Enhancing the capacity of the Federal government to design and develop computer-based record-keeping systems without reliance on outside specialists;

• Monitoring the application of the safeguard requirements to determine whether they are having their intended effect and, most important, whether they are themselves a source of any adverse social consequences;

Cooperating with the States in developing uniform State legislation to establish the recommended code of fair information practice for all automated personal data systems that would not be reached by Federal legislation. Among the organizations through which such cooperation might be undertaken are the National Conference of Commissioners on Uniform State Laws, the Advisory Commission on Intergovernmental Relations, the Council of State Governments, the National Governors Conference, the National Legislative Conference, and the National Conference of State Legislative Leaders.

• Urging the Office of Management and Budget to direct all Federal agencies to require their grantees and contractors to operate automated personal data systems with all the safeguards we recommend for systems supported by the Department. In the interest of convenience and simplicity for grantees and contractors, the Office of Management and Budget might prescribe government-wide grant and contract conditions incorporating the safeguard requirements we recommend, just as it now prescribes conditions in such areas as intergovernmental planning and financial management. While such action may not be feasible until there has been some experience in applying the safeguard requirements, we would expect to see the Department take a lead role in promoting

uniform, government-wide safeguard requirements for automated personal data systems of Federal grantees and contractors.

Organizational Responsibility

Responsibility for taking the actions necessary to implement our recommendations will have to be assigned to many officials of the Department who are already burdened with other duties. They will need guidance and assistance. The Secretary will need to designate someone who can devote substantial time and effort to assuring that these actions are taken in a timely and effective fashion. Therefore, an official in the Office of the Secretary should be given responsibility to serve as a combination advisor, monitor, and catalyst to assure that the concerns addressed in this report receive continuing attention, and specifically, to assure that automated personal data systems within the Department, and within grantee and contractor agencies, are operated in accordance with the safeguards we recommend. This official should have adequate authority, staff, and support to conduct these activities effectively.

This official should be directed to embark on a positive program of heightening concern within the Department for the issues raised in this report. This program should reach to all who now do, or are apt in the future, to use, direct, or contribute to the use or development of automated personal data systems, at all Civil Service grade levels and in all operating agencies.

Immediate Action

We expect that the Secretary may wish to have the report reviewed by many key officials of the Department, including the heads of each of the Department's operating agencies. Following such a review, a detailed plan to carry out the foregoing action agenda will have to be formulated.

Once such a plan has been adopted, responsibility will have to be assigned to someone to oversee its execution. To start this process we recommend that the Secretary:

• Assign responsibility for distributing the report for review to the Executive Secretary of the Department; and

• Assign responsibility for preparing a detailed plan to carry out the action agenda to an official in the Office of the Secretary.