10 national interests or privacy rights require it and, further, that any exceptions to full disclosure should be based on the characteristics of the information and not on the agency collecting the data or its applicable legislation. Accordingly, the Commission recommends that Congress review the laws now encompased in the (b)(3) exemption of the FOIA with a view toward repealing this exemption. Information maintained and used solely for statistical or research purposes is not treated uniformly under existing law. The Commission believes that such information should not be used, where the respondent's identity is stated or inferable, for enforcement, regulatory, or administrative purposes, nor should it be publicly disclosed in identifiable form. On the other hand, information collected for regulatory, compliance, or other administrative purposes is a valuable source of statistical data and its utilization in identifiable form solely for statistical purposes should be encouraged as long as adequate confidentiality and security safeguards are provided. Accordingly, the Commission recommends (Recommendation No. 7), as part of the proposed FIPA or as separate legislation, the enactment of statutory provisions to restrict the use and disclosure of information collected or maintained solely for statistical purposes but to require the prompt public disclosure of the results of such research in nonidentifiable form. This legislation would also make available solely for statistical use and only with adequate confidentiality and security safeguards most information (including the Census Bureau's "Industrial Directory") maintained by the Federal Government. Another cluster of recommendations (Nos. 8-12) calls for changes in the Privacy Act: Recommendation Nos. 8 and 9 suggest alternative methods of revising the exemption provisions of the Privacy Act. We propose that exemptions be based on the characteristics of the information to be exempted rather than on the agency maintaining the information or the system of records in which the information is contained. Pending a basic revision of the Act's exemption provisions, the Commission urges Congress to repeal or amend subsections (j) and (d)(5). Recommendation No. 10 suggests a comprehensive revision of the nondisclosure provisions of the Act to replace and consolidate existing confidentiality provisions in specific program legislation. The new provisions would be based on distinctions in the sensitivity of the data to be disclosed. This would serve two major purposes. It would replace existing inconsistent laws with one comprehensive statute. Equally important, it would permit freer disclosure of certain types of information while imposing further restrictions on the disclosure of sensitive data. In all instances, nonconsensual disclosures to other agencies would be limited to that information necessary and relevant to the purpose of the disclosure. Furthermore, no agency could deny an individual a right, privilege, or benefit provided by Federal law because of that individual's failure or refusal to consent to an agency's disclosure of personal information about him. These proposed amendments would permit the more effi- Recommendation No. 11 proposes that Congress amend Recommendation No. 12 urges the Congress, when it The preceding recommendations, whether administrative or statuto- Closely related to overall compliance issues are those dealing with information security and safeguards. We therefore recommend the prompt initiation of demonstration projects to test and evaluate safeguard/security guidelines. These "risk management" tests should be conducted before final Federal security standards are promulgated. (See Recommendation No. 4.) Organization of the Report The balance of this report consists of five sections. Section II examines the current state of the law on confidentiality and information sharing. The Freedom of Information Act is introduced as a comprehensive public disclosure statute and its exemptions noted. Statutory prohibitions against disclosure or release of information are also noted. Separate and detailed treatment is given to (1) individual information, (2) proprietary business data, (3) information kept secret in the interests of national security, and (4) confidentiality of data shared by more than one agency. Section III examines administrative implementation and operation of Federal information laws in this field. The analysis focuses on (1) administrative and bureaucratic constraints on data sharing and (2) agency administration of the Freedom of Information Act and the Privacy Act. This analysis pinpoints inadequacies in existing compli- 11 ance machinery and argues for organizational and administrative reforms along with revised sanctions for agency noncompliance. Section IV discusses the confidentiality constraints on information sharing. Relying extensively on other studies of this Commission, this Section describes the common and distinctive barriers to sharing depending on the kind of data involved. The data categories examined here are individual information, proprietary business data, statistical data used for research purposes (as opposed to rulemaking and/or enforcement), and information exchanged among Federal, State and local agencies. This section concludes with an assessment of the positive and negative influences of technology on information sharing. Section V examines Federal confidentiality standards and security safeguards. "Adequate" security is defined in terms of a system's ability to prevent unauthorized or accidental disclosure, destruction, diversion, or alteration of records and files. Existing security standards are then reviewed. Approaches and guidelines are suggested to strengthen these safeguards where specific deficiencies have been found. Section VI summarizes the findings of the report and presents the Commission's recommendations. Federal Information Policy: This legislation springs from one of our most essential So stated President Johnson, on July 4, 1966, upon signing P.L. A popular government, without popular information, or the Yet it was not until roughly ten years ago that legislation was 'As stated when the Act was passed, “[a]lthough the theory of an informed electorate is vital to the proper operation of a democracy there is nowhere in our present law a statute which affirmatively provides for that information". S. Rep. 813, 89th Cong., 1st Sess., p.3 (1965). P.L. 89-487, 5 U.S.C. §552, amended Section 3 of the Administrative Procedure Act (P.L. 85-169, 5 U.S.C. §1002). Although Section 3 was referred to as the "public information" section, it was not a general public information law and did not provide for public access to official records generally. It permitted withholding information if secrecy was required by "the public interest" or "good cause" and restricted access to persons "properly and directly concerned" with the information. 2 Letter to W.T. Barry, August 4, 1822, 9 Writings of James Madison, p. 103 3 P.L. 89-487, as amended by P.L.90-23 (1967), 5 U.S.C. §552. 13 recently, concerns for the protection of individual privacy have further limited public access to Government information. Obviously, the development of technology, the growth of the information industry, and the ever-increasing role of government in the lives of ordinary citizens have all contributed both to public demand for and executive branch attempts to withhold information. The Congress has attempted to strike a balance between these competing interests by establishing, through the Freedom of Information Act (FOIA), a public policy of the fullest public disclosure "consistent with individual privacy and with the national interest" and by prescribing the specific types of information which may be withheld from public disclosure. Whether, apart from the public access rights provided by the Freedom of Information Act, there is a Constitutional foundation for a public right of access to government information is a matter still open to discussion. No Federal court has yet been confronted with this issue. In any event, the balancing test employed by the courts in First Amendment freedom of speech cases is the same test generally used by the courts in FOIA cases to determine whether specific exemptions to the Act should be applied. The question has been consistently presented as one requiring a balancing between the public's right to know and the Government's need to keep information secret, with the presumption in favor of public disclosure. Thus, the courts have consistently held that the disclosure provisions of the FOIA must be broadly interpreted and the exemptions narrowly construed. As far as disclosure to the public is concerned, the amended Act even provides a triggering mechanism for declassifying national security information by providing for in camera review and de novo consideration of the classification of information "kept secret in the interest of national defense or foreign policy."8 5 Extract from statement of President Johnson upon signing P.L. 89487 on July 4, 1966: I am instructing every official in this administration...to make information available to the full extent consistent with individual privacy and with the national interest." • Cf. cases cited in n. 7, infra, with Pickering v. Board of Education, 391 U.S. 563 (1968); Gibson v. Florida Legislative Investigative Committee, 372 U.S. 539 (1963); New York Times Co. v. Sullivan, 376 U.S. 254 (1964); Sheppard v. Maxwell, 384 U.S. 333 (1966); Baldwin v. Redwood City, 540 F.2d 1360 (9th Cir., 1976); Vietnam Veterans Against the War v. Morton, 379 F.Supp. 9 (D.D.C., 1974), rev'd on other grounds, 506 F.2d 53 (D.C. Cir., 1974); A Quaker Action Group v. Morton, 516 F.2d 717 (D.C. Cir., 1975); Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975). See also Halperin v. Department of State, et al., Civ. No. 76-1528 (D.C. Cir., Aug. 16, 1977), n. 13 and 14 and accompanying text. 7 Department of Air Force v. Rose, 425 U.S.352 (1976); Environmental Protection Agency v. Mink, 410 U.S. 73, 80 (1973); Vaughn v. Rosen, 484 F.2d 820, 823 (D.C. Cir., 1973), cert. den. 415 U.S. 977 (1974), 523 F.2d 1136 (D.C. Cir., 1975); Soucie v. David, 448 F.2d 1067, 1080 (D.C. Cir., 1971). 14 85U.S.C. §552(b)(1). |