Privacy Protection Study Commission

Narrative Justification

Appropriation Request

FY 1977

Public Law 93-579, approved December 31, 1974, created the

Privacy Protection Study Commission and is cited as the "Privacy Act of 1974."

The Privacy Act of 1974 requires the Commission:

(1)

(2)

(3)

To make a study of the data banks, automated
data-processing programs, and information
systems of governmental, regional, and private
organizations, in order to determine the stan-
dards and procedures now in force for the pro-
tection of personal information;

To recommend to the President and to the Congress
the extent, if any, to which the requirements and
principles of P.L. 93-579 should be applied to
organizations other than agencies of the Federal
Executive branch; and

To report on such legislative recommendations as
the Commission may determine to be necessary to
protect the privacy of individuals while meeting
the legitimate needs of Government and society
for information.

The Commission's program of inquiry must encompass a wide enough range of governmental and private-sector record-keeping activities to support the Commission's recommendations to the President and to the Congress. However, as part of the study called for in (1), above, the Commission is expressly required to report on five specifically enumerated information policy

issues:

whether a person engaged in interstate commerce who maintains a mailing list should be required to remove

the name and address of any individual who does not
want to be on the list;

whether the Internal Revenue Service should be pro-
hibited from transferring individually identifiable
data to other Federal agencies and to agencies of
State government;

whether an individual who has been harmed as a conse-
quence of a willful or intentional violation of the
Privacy Act of 1974 should be able to use the Federal
Government for general damages;

whether--and if yes, in what way--the standards for
security and confidentiality of records that the
Privacy Act requires Federal agencies to adopt should
be applied when a record is disclosed to a person other
than an agency; and

whether, and to what extent, governmental and private
information systems affect Federal-State relations and
the principle of separation of powers.

Finally, in any study the Commission undertakes, it is required to:

(1) Determine what laws, Executive orders, regulations, directives, and judicial decisions govern the activities under study, as well as the extent to which they are consistent with the rights of privacy, due process, and other guarantees in the Constitution; and

(2)

To the maximum extent practicable, to collect and use findings, reports, studies, hearing transcripts, and recommendations of governmental, legislative and private bodies, institutions, organizations, and individuals which pertain to the problems under study.

The Commission Program

As currently planned, the Commission's program focusses on three dimensions of the privacy protection problem:

Record-keeping policies and practices;

Information policy issues that cut across
a range of
personal data record-keeping activities; and

Trends that will influence the uses that organizations make of recorded information about individuals.

Record Keeping Policies and Practices.

At its October, 1975

meeting, the Commission identified as priority subjects of inquiry the privacy-related record-keeping policies and practices of the following types of organizations:

These 14 priority inquiries are the foundation stones of the Commission's program, and are the areas in which the Commission plans to hold the majority of its public hearings. Key questions to be asked in regard to each are: (1) whether existing statutes and regulations (both Federal and State) already adequately protect the individual from known or foreseeable privacy abuses; (2) whether the principles and requirements of the Privacy Act of 1974 should be preferred to whatever laws or policies now apply; and (3) whether there are developments on the horizon which

* Inquiry specifically required by Section 5(c)(2)(B) of P.L. 93-579.

portend major shifts in the way in which information about individuals is now collected, used, and disseminated.

Wherever possible the Commission will examine and evaluate the effectiveness of recently enacted Federal and State privacy protection statutes, such as the Fair Credit Reporting Act; the Family Educational Rights and Privacy Act; the Fair Credit Billing Act; and the Fair Credit Reporting and Fair Information Practices statutes of States such as California, Maryland, Illinois, Tennessee, Minnesota, Arkansas, New Hampshire, and Utah. Care will also be taken to assure that the public record created by these inquiries will be as complete and accurate as possible, so as to provide a sound base for future governmental and privatesector deliberation and action.

Most of the 14 priority inquiries respond to suggestions the Congress made to the Commission in Section 5 of P.L. 93-579. All are necessary to fulfill specific requirements that the Congress has levied on the Commission. It almost goes without saying, for example, that the Commission could not responsibly recommend whether the principles and requirements applied outside the Federal government without first understanding and evaluating the Act's strengths and weaknesses in those situations where it now does apply.

of the Act should be

Cross-Cutting Information Folicy Issues. One of the first actions of the Commission was to create a Subcommittee on Privacy and Freedom of Information, chaired by Commissioner Robert Tennessen of Minnesota. This was done primarily to keep the