On July 25, 1973, the Advisory Committee on Automated Personal Data Systems of the Department of Health, Education & Welfare issued a report titled Records, Computers and the Rights of Citizens, which recommended the enactment of a federal Code of Fair Information Practice for all automated personal data systems.
The Code rested on five basic principles that would be given legal effect as "safeguard requirements" for automated personal data systems.
- There must be no personal data record keeping systems whose very existence is secret.
- There must be a way for an individual to find out what information about him is in a record and how it is used.
- There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
- There must be a way for an individual to correct or amend a record of identifiable information about him.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.
The proposed Code called for two sets of safeguard requirements: one for administrative automated personal data systems and the other for automated personal data systems used exclusively for statistical reporting and research. Special safeguards were recommended for administrative personal data systems whose statistical reporting and research applications are used to influence public policy.
The safeguard requirements defined minimum standards of fair information practice. Under the proposed Code, violation of any safeguard requirement would constitute "unfair information practice" subject to criminal penalties and civil remedies. The Code would also provide for injunctive relief. Pending legislative enactment of such a code, the report recommends that the safeguard requirements be applied through federal administrative action.
The report discussed the relationship of existing law to the proposed safeguard requirements. It recommended that laws that did not meet the standards set by the safeguard requirements for administrative personal data systems be amended and that legislation be enacted to protect personal data used for statistical reporting and research from compulsory disclosure in identifiable form.