The IT Law Wiki


Section 5 of the 1974 Privacy Act established the U.S. Privacy Protection Study Commission (PPSC) to evaluate the statute and to issue a report containing recommendations for its improvement.

The Commission, a temporary,[1] seven-member panel tasked to

make a study of the data banks, automated data processing programs, and information systems of governmental, regional, and private organizations, in order to determine the standards and procedures in force for the protection of personal information.[2]

The commission was to

recommend to the President and the Congress the extent, if any, to which the requirements and principles of [the Privacy Act] should be applied to the information practices of [such] organizations by legislation, administrative action, or voluntary adoption of such requirements and principles, and report on such other legislative recommendations as it may determine to be necessary to protect the privacy of individuals while meeting the legitimate needs of government and society for information.[3]

The commission began operations in early June 1975 under the leadership of chairman David F. Linowes, a University of Illinois political economist, educator, and corporate executive.4

Final report[]

In 1977, the Commission issued its final report titled Personal Privacy in an Information Society (1977),[4] and ceased operation. The report noted that:

Every member of a modern society acts out the major events and transitions of his life with organizations as attentive partners. Each of his countless transactions with them leaves its mark in the records they maintain about him.

It point out that:

as records continue to supplant face-to-face encounters in our society, there has been no compensating tendency to give the individual the kind of control over the collection, use, and disclosure of information about him that his face-to-face encounters normally entail.

In the Report, the Commission found that the 1974 Privacy Act "had not resulted in the general benefits to the public that either its legislative history or the prevailing opinion as to its accomplishments would lead one to expect. . . ."[5]

The Report offered 162 recommendations. The Report strongly stated that the Act was too vague to meet its stated purposes. Specifically, the Commission found that:

  • the definition of "systems of records" was too restrictive and that a broader definition incorporating how agencies accessed records was needed;
  • the "routine use" exemption was unclear and was already being used in unintended and poorly disclosed ways; and
  • the SORNs that were being published were unhelpful in informing the public about policies and practices.

However, the Commission’s recommendations to address these problems were never passed by Congress nor addressed in any of OMB’s future privacy guidance. Many current issue

s with the Privacy Act of 1974 were identified by the Commission in its 1977 Final Report. 


  1. The Commission was a temporary commission created as a compromise to those who wanted a permanent privacy oversight agency.
  2. 88 Stat. 1906.
  3. Id.
  4. See generally Doe v. Chao, 540 U.S. 614, 622-23 (2004) (full-text) (looking to mandate and recommendation of the Privacy Protection Study Commission in connection with the legislative history to interpret the Privacy Act of 1974 damages provision).
  5. Report, at 502.