Privacy Act of 1974

Overview
The Privacy Act of 1974 governs the collection, use, and dissemination of a “record.” about an “individual,” maintained by federal agencies in a “system of records.”

The provisions of the Privacy Act are largely based on a set of principles for protecting the privacy and security of personal information, known as the Fair Information Practice Principles, which were first proposed in 1973 by a U.S. government advisory committee. These principles, now widely accepted, include:


 * collection limitation,
 * data quality,
 * purpose specification,
 * use limitation,
 * security safeguards,
 * openness,
 * individual participation, and
 * accountability.

The Act does not apply to private sector databases. The Act regulates federal government agency recordkeeping and disclosure practices, and prohibits the disclosure of any record maintained in a system of records to any person or agency without the written consent of the record subject, unless the disclosure falls within one of twelve statutory exceptions. The Act allows most individuals to seek access to records about themselves, and requires that personal information in agency files be accurate, complete, relevant, and timely. The subject of a record may challenge the accuracy of information. The Privacy Act requires that when agencies establish or modify a system of records, they publish a “system-of-records notice” in the Federal Register.

Each agency is required to establish “rules of conduct for persons involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record, and instruct each such person with respect to such rules and the requirements of [the Privacy Act]. . . .” Each agency that maintains a system of records is also required to “establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.”

The Privacy Act also applies to systems of records created by government contractors. Subsection (m) of the Privacy Act states:
 * "When an agency provides by a contract for the operation by or on behalf of the agency of a system of records to accomplish an agency function, the agency shall, consistent with its authority, cause the requirements of this section to be applied to such system. . . .".

The Privacy Act provides legal remedies that permit an individual to seek enforcement of the rights granted under the Act. The individual may bring a civil suit against the agency. The court may order the agency to amend the individual’s record, enjoin the agency from withholding the individual’s records, and may award actual damages of $1,000 or more to the individual for intentional or wilful violations.

Courts may also assess attorneys’ fees and costs. The Act also contains criminal penalties; federal employees who fail to comply with the act’s provisions may be subjected to criminal penalties.

The Office of Management and Budget (OMB) is required to prescribe guidelines and regulations for the use by agencies in implementing the act, and provide assistance to and oversight of the implementation of the act.

Legislative History
The entire legislative history of the Privacy Act of 1974 is contained in a convenient, one-volume compilation.

The Act was passed in great haste during the final week of the Ninety-Third Congress. No conference committee was convened to reconcile differences in the bills passed by the House and Senate. Instead, staffs of the respective committees &mdash; led by Senators Ervin and Percy, and Congressmen Moorhead and Erlenborn &mdash; prepared a final version of the bill that was ultimately enacted.

The original reports are thus of limited utility in interpreting the final statute, while the more reliable legislative history consists of a brief analysis of the compromise amendments &mdash; entitled "Analysis of House and Senate Compromise Amendments to the Federal Privacy Act" &mdash; prepared by the staffs of the counterpart Senate and House committees and submitted in both the House and Senate in lieu of a conference report.