July 1977
In addition to bringing Federal agency record-keeping policy more into the open, and giving individuals certain participatory rights with respect to agency record-keeping practices, the Privacy Act of 1974 requires the agencies to assume some new information management responsibilities. On the theory that most agency records about individuals ought to be made and kept for purposes of mutual interest between the agencies and those individuals to whom the records pertain, but that the agencies have had few incentives to keep their record keeping within that shared framework, the Act seeks to establish some basic ground rules regarding the acquisition, retention, and dissemination of individually identifiable records.
This chapter describes what those ground rules are, assesses their impact on agency policy and practice, and attempts to explain why some of them have not had the effect they were expected to have. The chapter explores three topics: (1) the impact on collection; (2) the impact on the type and quality of information maintained; and (3) the impact on disclosure to third parties. Like Chapter 1, the picture it presents is a mixed one. Clearly, the Act's impact has been far less resounding than prevailing opinion would suggest, but there are signs nevertheless that the Act could be quite effective if it were refined and strengthened.
IMPACT ON INFORMATION COLLECTION
Subsections 3(e)(1), 3(e)(2), and 3(e)(7) of the Privacy Act require each agency that maintains a system of records to:
. . . maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by executive order of the President. . .[5 U.S.C. 552a(e)(1)];
. . . collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs . . . [5 U.S.C. 552a(e)(2)] [and]
. . . maintain no record describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity. . . . [5 U.S.C. 552a(e)(7)]
In addition, Section 7 of the Act forbids
any Federal, State, or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his Social Security number
and further requires that
any Federal, State, or local government agency which requests an individual to disclose his Social Security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.
None of these several collection requirements and prohibitions appears to have had a profound impact on agency record-keeping practice, mainly because they are either too broadly worded or have been perceived as nothing more than restatements of longstanding agency policy.1 Where they have had an effect, it can often be traced to their interaction with some of the public-reporting requirements discussed in Chapter 1.
SUBSECTIONS 3(E)(1) AND 3(E)(2)
By themselves, subsections 3(e)(1) and 3(e)(2) do not appear to have changed agency practice markedly. Only when coupled with subsection 3(e)(3), the so-called "Privacy Act Statement" requirement, have they had a modest impact on agency information gathering.
In their 1975 annual reports, OMB specifically asked the agencies to evaluate the impact of subsection 3(e)(2) on the quality and quantity of information they gather directly from individuals. Of the agencies that commented, only the Department of Labor reported that responses to its survey questionnaires had improved2 but no agency reported that there had been a decline in the quality or quantity of information it was able to gather from individuals directly. This experience was reaffirmed in the 1976 annual reports of 43 agencies. Moreover, only the Department of Housing and Urban Development and a portion of the Department of Health, Education, and Welfare reported any difficulty in collecting information from individuals. The difficulty occurred only in surveys, and in the DHEW case was of minor consequence.3
During the Privacy Protection Study Commission's October 1976 staff workshop on research and statistics, the Act's effect on survey research was explored in some detail. The Department of Defense Manpower Data Center and the Agriculture Department reported that the Act had had no effect on response rates in their surveys. Veterans Administration participants, however, said that before the Privacy Act took effect, the VA's survey response rate had been 75-80 percent, but when Privacy Act Statements were incorporated into its questionnaires, the rate fell to around 60 percent.4 The Bureau of the Census also reported that since the Privacy Act took effect its participant refusal rate had increased 50 percent (from 1.5 to 2.2 percent), but the Bureau's response rate is still about 97 percent. Census attributed the change to interviewers making less vigorous efforts to persuade hesitant individuals to participate.5
INFORMATION ON FIRST AMENDMENT RIGHTS
Subsection 3(e)(7) appears to have had little, if any, effect on the collection of information about an individual's exercise of his First Amendment rights. The National Science Foundation reports that it no longer collects such information,6 but most agencies have been able to justify continuation of their previous practices on the grounds that all government agencies are, strictly speaking, involved in some type of law enforcement.
The Civil Service Commission (CSC) experience also illustrates some of the difficulties an agency can encounter in implementing subsection 3(e)(7). Under Executive Order 10450, which the Privacy Act superseded in part, the CSC was required to collect association and affiliation information on candidates for government employment. Until April 26, 1977, when it received supplemental funds for 10 new positions, the CSC continued to release Federal employees' files to other agencies without removing the association and affiliation information that had been put in them when Executive Order 10450 was fully in effect.7 Only if an individual asked to see his file would the CSC purge the information, in which case it would give the individual a copy of both the old file and the new, and then destroy the old. With 10 additional positions, however, the CSC will now be able to purge such information before disclosing it to a third party, regardless of whether the individual has asked to see his file.8
SOCIAL SECURITY NUMBER
Section 7 of the Act also appears to have had little effect on agency data collection practices. The National Endowment for the Arts eliminated the Social Security number (SSN) from its grant application forms;9 NASA removed it from its aircraft crew qualification records, its training request records, and its classified visit notification forms;10 and the Department of Labor ceased to collect it from State unemployment agencies for use in the Department's system on "Characteristics of Insured Unemployed."11 However, the prohibition on denying an individual any right, opportunity, or benefit does not nullify any requirement, established by Federal statute or regulation prior to January 1, 1975, to use the SSN to verify the identity of an individual. Thus the practices associated with most agency systems remain unchanged.12
THE THIRD-PARTY SOURCE ISSUE
In both 1975 and 1976, many agencies reported that third parties had become less willing than before to divulge information about individuals to government agents conducting employment and security investigations and to panels reviewing applications for research grants. Yet it is not clear that the problem is a serious one or that the Act is its chief cause. The agencies' 1975 annual reports only covered the period from September 27 through December 31 (i.e., the three months immediately after the Act took effect), and while a year later OMB reported that 14 agencies (including Justice, Treasury, Defense, State, DHEW, the Civil Service Commission, and the Veterans Administration) were still finding third parties less willing to provide information than they were before the Act took effect, it saw little evidence that agencies were unable to obtain "sufficient, relevant information to achieve their purposes."13 Furthermore, the Civil Service Commission appeared to be solving its problem by reducing the amount of marginal utility information it gathers in employment and security investigations.
The reported reluctance of third-party sources has taken many forms, and many explanations for it have been offered. The State Department reported that Foreign Service Officers had become reluctant to provide adverse information on their co-workers, but attributed the change to a "prevailing . . . reluctance" to disclose personal information and to "suspicion of government institutions."14 The Securities and Exchange Commission (SEC), on the other hand, expressed concern about the effect of the Privacy Act Statement. Reciting a long list of "routine uses" made sources "confused, tense and/or bored," the SEC said, and often curtailed their cooperation.15 NASA has claimed that third parties are less willing than before to say anything that could result in an unpleasant confrontation,16 and the Civil Service Commission has noted a decline in responses to written inquiries but not to the questions put in direct interviews.17
Seven agencies remarked on the reluctance of record-keeping organizations to disclose information. The Department of Defense (DOD), for example, reported that many corporations would not disclose information about an individual without his written authorization.18 The Canal Zone Government19 and the Energy Research and Development Administration (ERDA)20 noted a decline in the willingness of educational institutions to disclose information about teachers and students (the latter no doubt attributable more to the Family Educational Rights and Privacy Act of 1974 than to the Privacy Act).21 The Social Security Administration noticed that some physicians and medical institutions had become less willing to provide information on applicants and recipients of benefits,22 and the Secret Service reported some difficulty in getting information from State and local law enforcement agencies, as well as from other Federal agencies.23
The Act's treatment of confidentiality pledges has been the one common thread linking the agencies' observations and complaints about its alleged effect on third-party sources. Subsections 3(k)(2) and 3(k)(5) of the Act allow an agency to exempt a system of records from the individual access requirement if the system is
. . . investigatory material compiled for law enforcement purposes, other than material within the scope of subsection (j)(2) . . . . Provided, however, that if any individual is denied any right, privilege, or benefit that he would otherwise be entitled [to] by Federal law, or for which he would otherwise be eligible, as a result of the maintenance of such material, such material shall be provided to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to the effective date of this section, under an implied promise that the identity of the source would be held in confidence; [5 U.S.C. 552a(k)(2)] [or]
. . . investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information, but only to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to the effective date of this section, under an implied promise that the identity of the source would be held in confidence. [5 U.S.C. 552a(k)(5)] (emphasis added)
The OMB Guidelines, like the Senate-House floor statement on the Act, firmly assert that the two italicized clauses must not be used to "deprive an individual from knowing of the existence of any information maintained in a record about him which was received from a confidential source."24 The Guidelines also state that pledging confidentiality to sources of information on applicants must be limited to "the most compelling circumstances" and that agency
regulations and any implementing procedures will not provide that all information collected on individuals being considered for any particular category of positions will automatically be collected under a guarantee that the identity of the source will not be revealed to the subject of the record.25
The rationale for the agencies' objections to these requirements has varied. The Department of Defense, for example, claimed that its personnel, criminal, and counter-intelligence investigations in foreign countries had been jeopardized because host governments, necessary sources for DOD overseas investigators who often have no jurisdiction off the base or post, demand that the information they give, as well as their identities, be kept secret.26
The National Foundation on the Arts and Humanities reports that it has taken a subsection 3(k)(5) exemption for its files on grant applicants and claims that most third parties it asks to evaluate applicants' proposals request a pledge of confidentiality.27 The National Science Foundation (NSF) also claims that "a large percentage of references" continue to ask for confidentiality, and reports that there is a direct correlation between the rating given and the frequency with which confidentiality is requested: the lower the rating, the higher the frequency.28 The National Institutes of Health (NIH), whose current practice is to reveal the reviewer's identity (since it does not believe it can legitimately qualify for a 3(k)(5) exemption), believes that its own procedures for amending, appealing, and resubmitting a grant application are adequate without resort to Privacy Act procedures, which it too claims are making it difficult to find reviewers of grant applications.29
NIH and NSF have both attempted to develop data to support their arguments. In late 1975, NIH surveyed 1,354 members of its initial grant review groups and advisory councils, asking them whether it would be beneficial to let grant applicants see the reviewers' critiques of their proposals, provided, of course, that the individual reviewers were not identified. Of the 1,250 who responded, 53 percent favored allowing applicants to see them, 41 percent were opposed, and 6 percent thought such a practice would have no effect, one way or the other. When asked whether the identity of the individual reviewers should also be revealed, however, 93 percent were opposed, five percent were in favor, and two percent thought the matter of no consequence.30 The NSF findings, however, were less clearcut. NSF has sections on its reference report forms in which sources can indicate if they want their identity kept confidential. In 1975, 40 percent requested confidentiality, 40 percent indicated no preference, and 20 percent made no choice whatsoever.31
The agencies have also reacted to the source disclosure issue in a variety of ways. Some, like NASA, no longer give a written pledge of confidentiality to employment references and to supervisors filling out merit-promotion appraisals, and even allow an individual access to any such record made about him prior to passage of the Privacy Act, regardless of whether the source was supposedly a confidential one.32 DHEW has interpreted the Act as not allowing pledges of confidentiality to reviewers of grant applications (hence, the NIH practice of disclosing reviewer identities), while the Treasury Department's Bureau of Alcohol, Tobacco, and Firearms allows an investigative source to be promised confidentiality without first asking for it if the Bureau agent seeking information determines that harm or embarrassment might otherwise result, or if the source is not being responsive.33 Some agencies have filed confidential references and merit-promotion appraisals by job rather than by the individual's name,34 thereby avoiding the Act's individual access requirement altogether, whereas others have attempted to solve the source disclosure problem procedurally.
At the Commission's October 1976 staff workshop on employment and personnel record keeping in the Federal government, DHEW participants stated that in spite of their efforts to keep sources in personnel investigations confidential, former supervisors were reluctant to provide information because they did not believe their identity could be adequately protected if the substance of their comments were released. Department of Transportation participants, however, said that they had solved that problem by asking their sources to indicate which items would identify them and then deleting the marked sections if, and when, the individual asks to see the record. Veterans Administration participants said that the VA gives supervisors the right not to have their names released but makes clear on its recommendation forms that the employee does have the right to see what is said. The General Services Administration (GSA) participants took an even stronger position, stating their belief that there is almost nothing in a personnel file that the individual should not see, and that GSA does not withhold the identity of anyone making a performance appraisal. The Civil Service Commission reported that it has developed a new file format for its investigations system (CSC/GOVT-4) that lists sources at the back of the file so that they can be easily separated from the information in the body of it.
IMPACT ON TYPE AND QUALITY OF INFORMATION MAINTAINED
The Privacy Act levies two obligations on the agencies with respect to their maintenance of records about individuals: subsection 3(e)(5), which requires an agency that maintains a system of records to
. . . maintain all records which are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness and completeness as is reasonably necessary to assure fairness to the individual in the determination; . . . [5 U.S.C. 552a(e)(5)]
and subsection 3(e)(10), which requires an agency to
. . . establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. [5 U.S.C. 552a(e)(10)]
SUBSECTION 3(E)(5)
Alone, subsection 3(e)(5) seems to have had little effect on agency information management practices, but coupled with the requirements to publish annual systems notices, to provide Privacy Act Statements, to establish individual access procedures, and to collect information to the greatest extent practicable from the subject individual himself, it appears to have made some contribution to reducing the amount of information agencies maintain about individuals.
For the President's 1975 annual report on the Act, OMB asked each agency to report on all systems of records it had eliminated from its inventory as a consequence of the Act's passage, as well as any cases in which the amount of information in a system of records had been reduced.35 As noted in Chapter 1, many agencies could not give any figures because they had not kept track. Others frankly stated that, even if their destruction of records had been better monitored, some of it would still never have been accounted for, since the existence of the records had never been acknowledged.36 Nevertheless, some, such as the Export-Import Bank,37 reported that the Privacy Act requirement that a system of records be publicly acknowledged had prompted them to eliminate some systems. Others, including the Interior Department38 and the Department of Transportation,39 said that they had disposed of records so as not to have to be responsible for managing them. Cross-index files and other methods of associating records with individuals were also destroyed by the Department of the Interior in order to reduce the number of agency systems subject to the Act.40
The Foreign Service said that it had reduced the amount of material in its personnel records by 50 to 60 percent,41 and the Drug Enforcement Administration reported that it had destroyed some records after it discovered that they were being maintained without statutory authority.42
The U.S. Information Agency (USIA) eliminated records on 9,300 individuals from its Personnel Security and Integrity Records File.43 The Department of Housing and Urban Development explained that, in conducting research, personal identifiers are no longer retained for the life of a study;44 and the National Center for Health Statistics reported that it too had begun a stepped-up system of removing personal identifiers from its records.45 In addition, some of the larger agencies predicted that systems would be eliminated in calendar year 1976 as the justification for maintaining them was reviewed and as small systems were consolidated into larger ones.46
Another widespread effect of the Act was the destruction of (uncounted) duplicate records and unofficial or convenience files.47 NASA changed its policy so that supervisors may now maintain uncirculated notes and duplicates of official personnel files but not create their own personnel files.48 The Community Services Administration reported that the Act had prompted the routine shredding of outdated employment history reports on employees.49 The National Transportation Safety Board has stopped preparing its Christmas mailing list that once contained the names, home addresses, and home telephone numbers of its employees, and also removed employees' home addresses and home telephone numbers from its personnel locator.50 The International Trade Commission (ITC) ceased publishing a list of employees' home telephone numbers and addresses, and removed the Social Security number, home address, and telephone number from its carpool application forms.51
Indeed, the review of government forms sparked by the Privacy Act appears to have been one of the most important contributors to reducing the amount of information agencies maintain about individuals.52 The Civil Service Commission revised Standard Form 171 (the application for Federal employment) and also eliminated 20 subsystems. By abandoning just one subsystem, the Security Research Index which contained information on private citizens, only a small portion of whom had ever been applicants for Federal jobs, it eliminated records on 1.3 million individuals.53 Similarly, by ceasing to collect the Social Security numbers of approximately two million people per year, the Department of Labor, as noted earlier, turned a system on "Characteristics of Insured Unemployed" into one that no longer contains records on identifiable individuals.54
In its 1975 annual report, the Defense Department reported that it had reviewed approximately 371,000 forms for compatibility with the Act, destroying 58,560, and simplifying another 22,866.55 Among the materials eliminated were 300 of the 6,700 data elements in the Air Force personnel system.56 The obvious result was to reduce the amount of information the Department collects, as compared to the amount it collected prior to the passage of the Privacy Act, but not the number of records it already maintained on individuals.
Other small changes have been noted. For example, the Veterans Administration reported that since the enactment of the Privacy Act its professional staff is less apt to put unsubstantiated comments in an individual's record,57 and the International Trade Commission's position and personnel roster no longer lists age, marital status, or an indication of Civil Service retention group.58
On the other hand, subsection 3(e)(5) does not appear to have induced the agencies to make any significant changes in their day-to-day procedures for assuring accuracy, timeliness, and completeness. Agencies contend that they have always striven for accuracy, and that "relevant, timely, and complete" are terms that mean different things in different contexts. The latter, of course, is true, but it still seems remarkable that so few agencies have made any attempt to give the terms specific meaning within the recordkeeping operations for which they are respectively responsible. Noteworthy among the efforts to improve accuracy is the Department of Transportation's campaign to impress upon State motor vehicle registries the importance of submitting accurate information to the National Driver Register.59 The Register now receives an average of nine hundred corrections and updates a day from the States, whereas the previous rate was around one hundred.60
Some agencies have also taken steps to keep their personnel records accurate and up-to-date. ACTION arranges for its employees to verify their personnel files once a year, as does the Pennsylvania Avenue Development Corporation.61 The Committee for the Purchase of Products from the Blind and Other Severely Handicapped does not allow any information to be placed in an employee's personnel file unless he has verified it in writing,62 nor does the Federal Reserve Board (FRB), whose practice in that regard antedates the Privacy Act. The FRB notifies an employee every time a correction is made in his file and annually submits certain parts of the file to him for reverification.63
Most agencies, however, have addressed the timeliness issue mainly by ridding themselves of records for which they have no current or continuing need. Some Departments have applied for and received foreshortened purging schedules from the National Archives. ACTION credits the Privacy Act with reducing the retention period for its volunteer service files from 75 years to seven.64 The Federal Bureau of Investigation is currently destroying some misdemeanor information after 10 years and some felony convictions after 20. Previously, it had maintained both indefinitely, and while the change cannot be attributed exclusively or even directly to the Privacy Act, it reflects a generally heightened sensitivity to the importance of keeping records about individuals up-to-date.65
The Act has affected some agencies' retention of unsolicited information. When the Pennsylvania Avenue Development Corporation receives an unsolicited resume from a prospective applicant, it either returns it or sends a "Privacy Act Statement" to the applicant who is asked to sign and return it, thereby acknowledging that he has read it. No resume the Corporation retains is kept on file for more than a year.66 The Veterans Administration does not keep information on an unsuccessful applicant more than two years,67 and the Federal Trade Commission destroys the letters it receives from consumers after one year.68
Perhaps the most important observation to be made is that the changes that have occurred have by no means been uniform throughout the government. The retention period for information in an employee's official personnel folder is a case in point. The right-hand side of the folder is reserved for Civil Service Commission documents whose retention periods are set by the CSC, while the documents on the left-hand side, which vary from agency to agency and are apt to include performance ratings, letters of recommendation and records concerning disciplinary actions, have varying or no set retention periods. The IRS, the Veterans Administration, and the Postal Service purge them every two years. DHEW and GSA purge them annually. The VA purges them when an employee leaves the Administration. The Postal Service purges its supervisor's personnel records when an employee is transferred to another USPS division.69
SUBSECTION 3(E)(10)
There is a modest amount of legislative history on subsection 3(e)(10), the Privacy Act's so-called "safeguarding of information" provision, but it is enough to understand the legislative intent. According to the Senate Committee on Government Operations, it was intended that
the term "appropriate safeguards" should incorporate a standard of reasonableness and refer to those safeguards which represent current state-of-the-art procedures at any given time . . . .70
In taking this approach, moreover, the Committee believed it could "look forward to increasingly higher standards of reasonableness," and that it was purposely allowing for a "certain amount of risk management" wherein administrators would weigh the need for security measures against their cost and probable effectiveness.71
OMB assigned to the National Bureau of Standards (NBS) the task of developing and publishing guidelines to implement the computer security requirements implicit in subsection 3(e)(10). NBS took the approach of describing a wide variety of safeguards from which agencies could select those that met their needs. In its Federal Information Processing Standards (FIPS) Publication No. 31, published prior to passage of the Privacy Act, NBS had already developed a menu of fairly detailed physical security safeguards. In Computer Security Guidelines for Implementing the Privacy Act, FIPS Publication No. 41, published in August 1975, NBS described the need for risk assessment and examined the threats to data integrity which can arise from employee error and misuse, and from failing to control access to computer-based systems. NBS stressed the importance of standards for the maintenance of data, of rules of conduct for employees, of accounting and auditing mechanisms, and of physical security safeguards. Encryption, however, was only recommended for high-risk systems containing "sensitive" information.72
The implementation of subsection 3(e)(10) has varied. Some agencies have engaged in technological overkill and avoided more important administrative safeguards. Others have simply tightened their rules on locking file cabinets. The Commerce Department reports that since the passage of the Act, files are returned more quickly and kept locked more regularly.73 The Civil Service Commission provided additional locks for its files and revamped its access policies and procedures.74 The Department of Defense has likewise provided additional physical protection for its data-processing areas and strengthened its administrative safeguards against unauthorized access to its records on individuals.75 The Federal Aviation Administration claims that for the first time it has succeeded in getting personnel in the field to lock up investigative and medical files.76 The Overseas Private Investment Corporation has reduced the number of locations used for information storage,77 and the Drug Enforcement Administration has centralized and automated its system for monitoring disclosures.78 The Department of Health, Education, and Welfare has set an example for other agencies by establishing baseline security requirements to be met by all its components and, even more importantly, by establishing a vehicle for auditing compliance with them.79
OMB reports that in the nine months between the day the Privacy Act was passed and the day it took effect, Federal agencies spent $2.2 million on security safeguards they considered necessary to comply with the Act, and another $1.3 million in calendar year 1976.80 Despite these expenditures, however, many agency employees still wish for specific guidelines or standards that would keep them from having to worry about whether they are complying. Clearly, the Act has had a positive effect on security practices, and on employee awareness of them, but more effort must be devoted to establishing and, most important of all, to auditing compliance with administrative, physical, and technical security procedures.
IMPACT ON THE DISCLOSURE OF INFORMATION
Subsection 3(e)(4)(D) of the Privacy Act requires an agency to include in each annual system notice it publishes "each routine use of the records contained in the system, including the categories of users and purposes of such use." [5 U.S.C. 552a(e)(4)(D)] The routine-use concept reflects a legislative compromise made shortly before the Privacy Act was passed. The Senate version of the Act would have required an individual's written consent before a record about him could be transferred from one agency to another, whereas the House version would have allowed all "housekeeping" disclosures to continue without restriction. The compromise routine-use concept is defined in subsection 3(a)(7) of the Act, which states that "with respect to the disclosure of a record," a "routine use" is "the use of such record for a purpose which is compatible with the purpose for which it was collected." [5 U.S.C. 552a(a)(7)]
Routine uses must be listed in annual system notices,81 in Privacy Act Statements [5 U.S.C. 552a(e)(3)(C)], and, in addition, must be published for comment in the Federal Register at least 30 days before they are included for the first time in an annual system notice. [5 U.S.C. 552a(e)(11)] The routine uses the agencies have established can be roughly divided into three categories: (1) government-wide; (2) agency-wide; and (3) system-specific.
Most of the government-wide routine uses have been established at the behest of the Department of Justice and the Civil Service Commission. These two agencies asked all the others to insert certain standard language in their annual system notices. Many agencies complied either with a preface to all of their published notices, or with a subparagraph of each one. The following prefatory statement published by the Environmental Protection Agency (EPA) is typical:
The following routine uses apply to and are incorporated by reference into each system of records set forth below:
1. In the event that a record within this system of records maintained by the Environmental Protection Agency indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular statute, or by regulation, rule or order issued pursuant thereto, the relevant records in the system of records may be referred to the appropriate agency, whether Federal, State, local or foreign charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation or order issued pursuant thereto.
2. A record from this system of records may be disclosed to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, if necessary to obtain information relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.
3. A record from this system of records may be disclosed, as a routine use, to a Federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
4. A record from this system of records may be disclosed, as a routine use, in the course of presenting evidence to a court, magistrate or administrative tribunal, including disclosures to opposing counsel in the course of settlement negotiations.
5. A record from this system of records may be disclosed, as a routine use, to a Member of Congress submitting a request involving an individual when the Member of Congress informs the System Manager that the individual to whom the record pertains has authorized the Member of Congress to have access to the record. [41 F.R. 39695 (September 15, 1976)]
All systems include a routine use, allowing the disclosure of information to a congressional office, in response to an inquiry from the congressional office made at the request of the individual to whom the information pertains. Many, such as the following one published by the Interstate Commerce Commission, also authorize access to records by OMB:
The information contained in this system of records will be disclosed to the Office of Management and Budget in connection with the review of private relief legislation as set forth in OMB Circular No. A-19 at any stage of the legislative coordination and clearance process as set forth in that Circular. [41 F.R. 40430 (September 17, 1976)]
Similarly, almost all notices allow for disclosures involving the hiring or retention of an employee, a possible violation of the law, or a statistical research program. The EPA prefatory statement quoted above is one example. Others, such as the following, are also typical:
Justice/USA-005 - Civil Case Files
(h) a record may be disseminated to a federal, state, local, foreign, or international law enforcement agency to assist in the general crime prevention and detection efforts of the recipient agency or to provide investigative leads to such agency or to assist in general civil matters or cases; [41 F.R. 40017 (September 16, 1976)]
Federal Trade Commission 126 - General Personnel Records
(k) [Information in the system may be used] as a data source for management information for production of summary descriptive statistics and analytical studies in support of the function for which the records are collected and maintained, or for related personnel management functions or manpower studies, may also be utilized to locate specific individuals for personnel research or other personnel management functions. [41 F.R. 39719-20 (September 15, 1976)]
Still another example of government-wide routine uses is found in the set of routine uses established for personnel records under the control of the Civil Service Commission. These read as follows:
Civil Service Commission/Govt-3 - General Personnel Records
Routine uses of records maintained in the system, including categories of users and the purposes of such uses: Information in these records may be:
a. Used in the selection process by the agency maintaining the record in connection with appointments, transfers, promotions, or qualifications determinations. To the extent relevant and necessary, it will be furnished upon request to other agencies for the same purpose.
b. Disclosed to other Government agencies maintaining relevant enforcement or other information if necessary to obtain from these agencies information pertinent to decisions regarding hiring or retention.
c. Disclosed to prospective employers or other organizations, at the request of the individual.
d. Disclosed to officials of foreign Governments for clearance before employee is assigned to that country.
e. Disclosed to educational institutions for training purposes.
f. Disclosed to the Department of Labor; Veterans' Administration; Social Security Administration; Department of Defense; Federal agencies who may have special civilian employee retirement programs; National, State, county, municipal, or other publicly recognized charitable or social security administration agency to adjudicate a claim for benefits under the Bureau of Retirement, Insurance, and Occupational Health or the recipient's benefit program(s), or to conduct an analytical study of benefits being paid under such programs.
g. Disclosed to health insurance carriers or plans participating in Federal Employees' Health Benefits Program in support of a claim for health insurance benefits.
h. Disclosed to Federal Employees' Group Life Insurance Program in support of an individual's claim for life insurance benefits.
i. Disclosed to labor organizations in response to requests for names of employees and identifying information.
j. If information indicates a possible violation of law, it may be disclosed to law enforcement agencies.
k. Disclosed to district courts to render a decision when an agency has refused to release to current or former Federal employee a record under the Freedom of Information Act.
l. Disclosed to district courts for use in rendering a decision when an agency has refused to release a record to the individual under Freedom of Information Act (FOIA).
m. Used to provide statistical reports to Congress, agencies, and the public on characteristics of the Federal work force.
n. Used in the production of summary descriptive statistics and analytical studies; may also be used to respond to general requests for statistical information (without personal identifier) under FOIA; or to locate individuals for personnel research or other personnel research functions.
o. Disclosed to the Office of Management and Budget at any stage in the legislative coordination and clearance process in connection with private relief legislation as set forth in OMB Circular No. A-19.
p. Disclosed to the appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order where there is an indication of a violation or potential violation of civil or criminal law or regulation.
q. Disclosed to an agency upon request for determination of an individual's entitlement to benefits in connection with the Federal Housing Administration programs.
r. To provide information to a congressional office from the record of an individual in response to an inquiry from a congressional office made at the request of that individual. [41 F.R. 42164 (September 24, 1976)]
s. Used to provide an official of another Federal agency any information he or she needs to know in the performance of his or her official duties related to reconciling or reconstructing data files, compiling descriptive statistics, and making analytical studies in support of the personnel functions for which the records were collected and are maintained. [41 F.R. 55568 (December 21, 1976)]
t. Disclosed to officials of labor organizations recognized under Executive Orders 11636 and 11491, as amended, when relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting working conditions. [41 F.R. 544522 (December 14, 1976)]
u. Used to select employees for incentive awards and other honors and to publicize those granted. This may include disclosure to other public and private organizations, including news media, which grant or publicize employee awards or honors. [41 F.R. 55568 (December 21, 1976)]
v. Disclosed to another Federal agency or to a court when the Government is party to a suit before the court. [41 F.R. 55568 (December 21, 1976)]
Agency-wide routine uses, which an agency established solely for its own record-keeping systems, are fewer in number than the other two types, but they are the ones that appear to be the most indiscriminate in applying the routine-use concept. For example, the Veterans Administration provides for information in 16 separate systems to be disclosed to debt collection firms, and USIA provides for the disclosure of information in all its systems to any other government agency that has statutory or other lawful authority to maintain it. [41 F.R. 41884, 41905-6 (September 23, 1976)]
System-specific routine uses, as the rubric suggests, are those an agency establishes for a particular system it maintains. The disclosure of merit staffing reports to union representatives for equal employment opportunity purposes is a good illustration.
COMPATIBLE AND INCOMPATIBLE USES
One can find many routine uses that clearly meet the test of compatibility with the purpose for which the information was originally collected. Forwarding payroll information on a government employee to the Department of the Treasury so that a paycheck can be generated for him unquestionably meets the compatibility test. So do many other interagency transfers, as the following typical notices illustrate:
Equal Employment Opportunity Commission/3 - Charge of Discrimination Case Files
(1) to conduct compliance reviews with local, state and federal agencies, such as the Office of Federal Contract Compliance, Department of Justice, Department of Labor, Office of Revenue Sharing of the Treasury Department, Law Enforcement Assistance Administration, and other federal agencies as may be appropriate or necessary to carrying out the Commission's functions under the Title [See 42 U.S.C. 2000e-4(g)(1), 8(b) and (d)]; (2) sharing information contained in these records with state and local agencies administering state or local fair employment practices laws [See 42 U.S.C. 2000e-4(g)(1), 8(b) and (d)]. [41 F.R. 42171 (September 24, 1976)]
Environmental Protection Agency/1 - Payroll System
To conduct all necessary and appropriate intra-agency payroll activities. To furnish information U. S. Treasury requires to issue paychecks and distribute pay according to employees' directions. To report tax withholding to IRS and appropriate State and local taxing authorities; FICA deductions to SSA; dues deductions to labor unions; withholdings for health and life insurance to insurance carriers and U.S. C.S.C.; charity contribution deductions to agents of charitable institutions; annual W-2 statements to taxing authorities and the individual. Also see routine use paragraphs in Prefatory Statement. [41 F.R. 39689 (September 15, 1976)]
FDIC/1 - Legal Intern Applicant System
Disclosure of information may be made in requesting information of individuals or concerns whose names were supplied by the applicant as references and/or past or present employers. [41 F.R. 40424 (September 17, 1976)]
FDIC/12 - Payroll and Employee Financial Records
Information developed from these records is routinely provided to State, City and Federal income tax authorities, including, at the Federal level, the Internal Revenue Service and the Social Security Administration, and, to other recipients, as authorized by the employee, including the United States Treasury Department, savings institutions, insurance carriers and charity funds. Records are periodically made available for inspection to auditors employed by the Government Accounting Office. [41 F.R. 40427 (September 17, 1976)]
Other routine uses, however, merely continue disclosures, regardless of compatibility, that an agency habitually made prior to passage of the Privacy Act. The following are good examples:
Justice/USA/001 - U. S. Administrative Files
A record may be disseminated to a federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information relates to the requesting agency's decision on the matter. [41 F.R. 40015 (September 16, 1976)] (emphasis added).
Federal Revenue Systems/9 - FRB Consultant File
Routine uses include, but are not restricted to, selection, monitoring, evaluation and control, audit and analysis, routine management activity and statistical use without individual identification; verification and confirmation; and referral when used as a basis for prospective employment by other than the Board; to provide information or disclose to a Federal agency, or any other employer or prospective employer, in response to its request, in connection with the hiring or retention of an employee, the letting of a contract, or issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter. [41 F.R. 39707 (September 15, 1976)] (emphasis added)
Allowing the recipient's needs to influence an agency's decision as to whether a disclosure should be deemed a proper routine use is not uncommon, and some are even more indiscriminate. For example, the routine uses established for the Department of Transportation's Documentation System countenance the disclosure of information to "anyone having business with or an interest in a documented vessel."82 Likewise, the routine uses for DOT's Merchant Vessel Casualty Reporting System include "use by the general public."83
Agencies also interpret the routine use provisions of the Act to permit the free flow of information to and between law enforcement and investigative units of government without having to comply with subsection 3(b)(7) that provides for the disclosure of a record about an individual
. . . to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request . . . specifying the particular portion [of the record] desired and the law enforcement activity for which the record is sought. . . . [5 U.S.C. 552a(b)(7)] (emphasis added)
Law enforcement agencies particularly established broad-worded routine uses to assure the easy flow of information between organizations within the law enforcement community. The Bureau of Alcohol, Tobacco, and Firearms in the Treasury Department, for example, includes as a routine use of information in its "Criminal Investigation Report System" disclosure to "personnel of the Department of Justice and other agencies, Federal, State and local, foreign and domestic, having prosecutive and civil law enforcement functions." [41 F.R. 45446 (October 14, 1976)] Non-law enforcement agencies also adopt broad routine use provisions that facilitate the exchange of information with law enforcement agencies, a good example being the provisions the Veterans Administration ordinarily incorporates in its systems notices. [41 F.R. 9294 (March 3, 1976), Routine Uses 12 and 24]
On the other hand, some agencies apply the compatible-purpose test so strictly that agencies and other organizations accustomed to receiving information from them have complained that they are no longer able to fulfill their missions. For example, prior to passage of the Privacy Act, the Railroad Retirement Board (RRB) regularly obtained name, address, and benefit information from the Social Security Administration (SSA). It used this information to monitor the accuracy of payments it made to claimants under the Railroad Unemployment Insurance Act (RUIA), since, by law, the amount of RUIA benefits paid must take into account other social insurance, unemployment, or sickness benefits payable under any other law. For almost two years after the effective date of the Act, however, SSA's strict application of the compatible-purpose test made it impossible for RRB to obtain data from SSA files.
The Department of Labor had a similar problem. Several States have laws that require their unemployment insurance programs to verify the amount of any Social Security benefits a claimant receives. Initially, however, SSA did not establish such disclosures as a routine use of the information in its Earnings Recording and Self-Employment Income System and, thus, the affected States were forced to operate their unemployment compensation programs in violation of their own statutes.
These difficulties have been resolved in various ways. Both the Labor Department and the RRB problems were resolved by the routine-use notices SSA published on June 29, 1977. [42 F.R. 33079] In at least one other instance, the Congress overrode a routine-use determination in language so sweeping that it effectively nullifies the routine-use concept. In September 1976, the Congress amended the Veterans Administration's enabling legislation to require the head of any Federal department or agency to
provide such information to the Administrator [of the Veterans Administration] as he may request for purposes of verifying other information with respect thereto. [38 U.S.C. 3006]
In other situations, agencies have pursued more than one solution to the same problem. The Civil Service Commission, which is the agency responsible for most Federal personnel files, did not issue its guidelines on disclosures to labor unions representing Federal employees until 15 months after the Privacy Act took effect. Part of the reason for the delay was the CSC's effort to coordinate the drafting with the Federal employees labor union. Meanwhile, however, the Department of Defense and the Veterans Administration reduced the amount of information they were willing to give out to labor unions, while DHEW made no change. The American Federation of Government Employees was often excluded from labor-management negotiations in which information in records subject to the Privacy Act was to be discussed unless the union first obtained the express written consent of all employees concerned. The USPS was charged with an unfair labor practice for refusing to disclose certain records subject to the Privacy Act. At the VA, unions were not allowed to review merit promotions at all, whereas at DHEW merit promotion records were released with the names removed in response to a Freedom of Information Act request.
The confusion was finally dispelled at the end of December 1976 when the Civil Service Commission published Federal Personnel Manual (FPM) Letter 711-126 explaining a routine-use notice it had published two weeks earlier. The notice provided that information about an individual could be disclosed to labor unions without his consent "when relevant and necessary to their duties of exclusive representation concerning personnel policies and practices and matters affecting working conditions." The CSC, however, instructed the officials responsible for making such disclosures to provide information whenever possible without personal identities attached, and to withhold highly sensitive information that could reasonably be expected to harm the individual if disclosed, unless and until the individual authorizes its release. This was interpreted to mean that information concerning salary, title, veterans' preference, and awards received should be released, but information concerning marital status, age, grades in training courses, allegations of misconduct, or proposed disciplinary actions should not.84
At least one other knotty routine-use problem was resolved by avoiding the compatibility criterion altogether. Within days of enacting the Privacy Act, the Congress passed another law that authorized State parent-locator units to obtain information on absent parents from the Social Security Administration. SSA, however, interpreted such disclosures as incompatible with the purpose for which the information in its files was originally collected and thus resisted establishing them as a routine use. The matter was resolved when the DHEW Secretary decided that the DHEW Parent Locator Service (at the time administered by the Social and Rehabilitation Service, another DHEW component) could obtain the information from SSA on an intra-agency "need-to-know" basis (i.e., as provided in subsection 3(b)(1) of the Act) and then disclose it to the States as a routine use (i.e., as provided in subsection 3(b)(3)).85
Some agencies have also decided that a statutory requirement to disclose information enacted before the Privacy Act can be construed as automatically meeting the compatible-purpose test.86 On its face, such a determination seems reasonable, but it also assumes that each of the many disclosure requirements in the U.S. Code would survive an examination that weighed the recipient agency's need for the information against the individual's interest in protecting his personal privacy. An even murkier area is where a preexisting statute authorizes but does not require a disclosure that would not meet the Privacy Act's compatible-purpose test. How such statutory authorization should be treated is an area of interpretative controversy that remains largely unresolved.
Finally, some officials claim that agencies have begun to "trade" routine uses. That is, when one agency wants information maintained by another, it asks the agency holding the information to publish a routine use allowing the information to be disclosed to it, and the holding agency agrees so long as the requesting agency in turn publishes a reciprocal routine use allowing information in its records to flow the other way. There is nothing illegal about this so long as all published routine uses meet the compatible-purpose test. Yet, from a privacy protection viewpoint, it would seem preferable for an agency that wants information about an individual from another agency to require the individual to sign an authorization allowing it to acquire the information it seeks rather than to handle the matter as a quid pro quo arrangement, of which the individual is likely to be unaware.
DISCRETIONARY ROUTINE USES
To facilitate implementation of the Freedom of Information Act, several agencies have declared certain disclosures to the public to be routine uses. Examples include the following:
Interstate Commerce Commission/VII - Consumer Complaint System
This is a public file available for public review under the terms of the Freedom of Information Act. Individuals submitting special complaint correspondence to the Commission, unless identifying their desire to remain anonymous, will not be protected from disclosure of the information contained within the complaint letter. [41 F.R. 40433 (September 17, 1976)]
Federal Deposit Insurance Corporation/44 - Changes in Bank Control Ownership Records
The name of the bank whose control has changed, the seller and purchaser, and the number of shares involved may be distributed to periodicals for publication. [41 F.R. 40425 (September 17, 1976)]
Privacy Protection Study Commission/1 - Commission Member and Staff Personnel Records
Files on current employees and commissioners may contain biographic background information, the disclosure of which would not constitute a clearly unwarranted invasion of personal privacy and may therefore be made available to the press and the public. [41 F.R. 40436 (September 17, 1976)]
In addition, some agencies have published routine-use notices on their internal uses of information, even though the Act does not require them to do so. The following are typical examples:
U. S. International Trade Commission/1 - Employment and Financial Disclosure Records
These records and information in these records may be used:
a. By the Deputy Counselor for Employee Responsibilities and Conduct to determine whether or not an employee has a direct or indirect financial interest which conflicts substantially, or appears to conflict substantially, with his U.S.I.T.C. duties or responsibilities.
b. By the Deputy Counselor to determine whether a U.S.I.T.C. employee has engaged in, directly or indirectly, a financial transaction as a result of, or primarily relying on, information obtained through U.S.I.T.C. employment.
c. For review by the Deputy Counselor. The Deputy Counselor is responsible for maintaining these records in confidence and may not disclose information from these records to other persons or agencies except as the Civil Service Commission or the Chairman of the U.S.I.T.C. may determine for good cause shown. [41 F.R. 40045 (September 16, 1976)]
U.S. International Trade Commission/2 - Budgetary and Payroll Related Records
These records are used only for the purpose of computing the budget and keeping a record of certain employees' expenses. [41 F.R. 40045 (September 16, 1976)]
Consumer Product Safety Commission/10 - Employee Merit Promotion Program
These records and information in the records may be used:
OVERALL IMPACT ON DISCLOSURES TO THIRD PARTIES
The Privacy Act appears to have caused a modest decline in the amount of information about individuals that agencies disclose to others. By and large, however, the impact has been at the margins of agency practice.
For example, prior to the Act the State Department regularly reported to the FBI, the CIA, and the IRS on Americans living overseas. This practice has now been curtailed and the release of such information is limited to published routine uses or law enforcement requests.87 The National Labor Relations Board has stopped releasing the forwarding addresses of former employees to their credit union,88 and the Civil Service Commission no longer discloses applicants' examination scores to their parents and spouses.89 The Civil Service Commission has limited the disclosures it will make of information in an individual's retirement records.90
Other agencies have altered their policies on disclosures to the press. The Postal Service no longer releases information on individuals currently under investigation,91 and the Customs Service has limited the amount of information it makes available about an arrest.92 The Secret Service, in some cases, requires the press to obtain an individual's written authorization before it will release information about him,93 and the USIA now requires an authorization before releasing photographs or biographic information on agency personnel.94 Many agencies have also stopped disclosing information to "Call for Action" organizations and to lawyers inquiring on behalf of clients unless they have a written authorization from the individual to whom the information pertains. "Call for Action" organizations, in particular, have complained that this unduly prolongs the process of obtaining information and seriously undermines their value to the public. Researchers are another category of nongovernmental users of agency records that have had trouble getting information from the agencies since the Act took effect.95
On balance, however, not much has changed. Agencies with law enforcement functions complain about other agencies' reluctance or outright refusal to disclose information to them. The Federal Aviation Administration, for example, has reported a slight impairment of its operations as a consequence of limits placed on the release of security and enforcement information by other agencies,96 and the Postal Service has reported that several Federal agencies have been willing to respond to law enforcement requests only when the requests were made through U.S. attorneys.97 NASA says that its law enforcement requests are no longer granted automatically; that it can take two to three weeks to obtain information the agency used to be able to get by telephone.98 The FBI claims that its ability to obtain information from other agencies has been hampered by the Act, although it notes that it also gives out less information today than it used to.99
In their 1975 annual reports, the most frequently cited change in agency disclosure policy was the addition of a requirement that an individual's prior written authorization be obtained before information about him is disclosed in response to credit inquiries and employment verification requests.100 Some agencies, such as the Community Services Administration, also reported that the mere existence of individual authorization procedures has greatly reduced the number of attempts to gain unauthorized access to information pertinent to complaints about discrimination and unfair labor practices.101 Still others complained about the extra time involved in obtaining an individual's written authorization, suggesting that they are, in fact, doing so more frequently than in the past.
The one type of disclosure on which the Act appears to have had no impact at all is the ubiquitous internal agency disclosure; i.e., the disclosure of information by one agency component to another. Because the Act uses the Freedom of Information Act definition of "agency," such disclosures can be handled as subsection 3(b)(1) disclosures (i.e., to officers and employees of the agency who have a need for the record in the performance of their duties) rather than as routine uses that would have to meet the compatible-purpose test. The Social Security Administration disclosures to the DHEW Parent Locator Service mentioned earlier offer one example of how subsection 3(b)(1) can work within a large agency, and DHEW is not the only large Federal agency with many different components. It appears that the ease with which such "internal" disclosures can be made is not being abused, although the potential for abuse is certainly there. In addition, by failing to put constraints on internal disclosures the Act effectively deprives an individual of the ability to find out where information about him has gone and the uses to which it was put within the agency that maintains it, unless an agency voluntarily takes steps to inform him.
KEEPING TRACK OF DISCLOSURES
Section 3(c)(1) of the Privacy Act requires each agency to keep an accurate accounting of
(A) the date, nature, and purpose of each disclosure of a record to any person or to another agency made under subsection (3)(b) . . .; and
(B) the name and address of the person or agency to whom the disclosure is made . . . . [5 U.S.C. 552a(c)(1)(A), (B)]
There are only two exceptions to this requirement. No accounting need be made of disclosures "to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties" (as provided in subsection 3(b)(1)), or of disclosures that are required by the Freedom of Information Act (as provided in subsection 3(b)(2)).
The Act's accounting of disclosures requirement has three objectives: (1) to provide an individual with a listing of the uses and disclosures of a record about him; (2) to facilitate the propagation of corrections; and (3) to promote internal agency auditing and compliance monitoring. Currently the emphasis is on the first objective and the agencies have used several different methods to achieve it.
The Act calls for an "accounting" rather than a "record" of each disclosure, thereby indicating that an agency may use any method of accounting it chooses, so long as it has the capacity to respond to an individual's request for a list of the disclosures it has made of a record about him.102 Thus, it is not surprising that the agencies have handled the accounting requirement in a variety of ways.
For example, the Civil Service Commission and the Social Security Administration will, in some cases, make a copy of whatever has been disclosed and note on it the accounting information the Act requires them to keep. The copy is filed with the individual's record so he has access to it at the same time that he has access to the record itself. Other agencies merely keep a description of each disclosure on file, either with the individual's record or as an appendage to the system of records. The latter method is commonly used in accounting for mass disclosures, such as disclosures of payroll information to the Treasury Department.
The Act requires an agency to maintain its disclosure accountings for five years or the life of the record, whichever is longer. [5 U.S.C. 552a(c)(2)] It is too soon to assess the impact of this retention requirement, but the Community Services Administration claims that it has already postponed retiring some records so that the accounting of disclosures can be kept with them for the mandatory five years.103
Of all the requirements in the Privacy Act, the accounting of disclosures is the one the agencies have criticized most. OMB reported in March 1977 that, as of the previous September, complying with the accounting requirement had cost the agencies more than $10 million. Some agencies have even looked for ways around the requirement. As described earlier, the DHEW Guaranteed Student Loan Program tried, unsuccessfully, to get applicants to authorize it not to keep an accounting of the disclosures it makes about them in the course of processing loan applications. The Social Security Administration contends that to fulfill the accounting requirement effectively its computer systems would have to be totally redesigned and that only a handful of individuals have ever asked to see the accountings SSA keeps.104
The Department of Defense reports that some of its components have had a hard time implementing the accounting of disclosures requirement, but that the Department of the Air Force has developed an efficient, wholly computerized method for keeping track of its disclosures of military personnel records. Called the Privacy Act Tracking System, it not only logs all disclosures, all amendments, and all statements of dispute, but also prints out a list of all prior recipients of a record who need to be informed of any change made in it.105
A frequently heard complaint is that an accounting must be made in situations where the need to propagate corrections does not arise, for example, when payroll records are being audited, or when disclosures are made for statistical purposes only. There is also some question as to whether subsection 3(c) requires an accounting every time an individual is given access to a record about himself. Many agencies keep an accounting only if an individual specifically cites the Privacy Act when asking to see a record. For example, many agencies that permitted an employee to have access to his personnel records before the Privacy Act required them to do so, continue to use their pre-Privacy Act procedures.106 Finally, there is uncertainty about whether an accounting need be kept of a disclosure to a Congressional office that asks for a record on behalf of the individual to whom it pertains. The IRS considers a Congressman to be the designated representative of an individual, and thus, someone to whom a record may be disclosed without an accounting, so long as he has in hand a letter from the individual requesting the Congressman's assistance.107 Of the other agencies the Commission staff contacted, however, all require that an accounting be kept of such disclosures.
Although the accounting of disclosures requirement could be modified without diminishing its utility as a check on agency practice,108 it clearly should not be abandoned altogether, as some agencies have argued. The individual's interest in reviewing the accountings agencies keep of their disclosures of records about him should not be the sole measure of the requirement's value. Many individuals do not know that the accountings exist or that they have a right to review them. Moreover, the accountings can be of great help in propagating corrections and in conducting the audits of agency compliance with the Act that will become increasingly important as more and more records and record systems are automated.
PROPAGATION OF CORRECTIONS
If an agency record about an individual is inaccurate, there are three basic ways for it to get corrected: (1) the individual to whom it pertains can ask that it be corrected; (2) the agency can discover the error and correct it on its own initiative; or (3) a third party can supply information that brings the error to the agency's attention. (For simplicity's sake, amendments to records and statements of disagreement resulting from an agency's refusal to correct or amend a record are all being treated here as "corrections.")
Furthermore, when a record is, in fact, corrected there are numerous destinations to which the correction could be propagated. For example, it could be propagated to the sources of the erroneous information; to past recipients of the erroneous information both within and without the agency; to all recipients to whom the agency provides the information in the future; and to recipients specifically designated by the individual. Obviously, there are many possible combinations of correction methods and destinations, but the Privacy Act ignores most of them. It does not require that any corrections be propagated to previous recipients of the erroneous information within the agency; does not require that corrections be propagated to sources; does not allow an individual to designate recipients to whom he would like to have corrections propagated; and does not require an agency to propagate automatically to anyone any correction it makes on its own initiative or that is precipitated by information it receives from a third party.
The OMB Guidelines attempted to cope with this situation by encouraging agencies
to provide corrected information to previous recipients, irrespective of the means by which the correction was made . . . [and] particularly when the agency is aware that the correction is relevant to the recipient's uses . . . .109
In other words, if OMB's guidance were followed, all changes except normal updates would be propagated to past recipients outside the agency. It appears, however, that OMB's guidance is not being followed because the guidance is general, the burden is high, and the agencies are under no obligation to comply.
From the individual's point of view, the most important problem stems from the Act's failure to require that corrections be propagated from one system to another within an agency. Federal employment and personnel records, for example, frequently exist in multiple copies or in a variety of derivative record-keeping systems, so unless a correction is automatically propagated to all of them, an individual who arranges to get a record corrected in one place may still be plagued by uncorrected versions of it elsewhere. Propagating corrections internally, however, would make it necessary for an agency to maintain audit trails similar to the disclosure accountings currently required for external agency transfers, thereby adding to the accounting burden about which the agencies now complain so bitterly.
One way to reduce the existing burden would be to give the individual a role to play in determining when a correction should be propagated and to otherwise relate the propagation of corrections requirement to a measure of its likely benefit to the individual. At present, there is no time limit or test for determining the importance to the individual of having a correction propagated; where a propagation must be made, it must be made for the life of the record. In the extreme case, if an agency knew that an employee's performance rating was incorrectly transmitted to another agency 20 years previously, when he was being considered for a job there, it would have to send the agency the corrected version even though the information could no longer have any bearing on the individual's employment situation. Indeed, the current propagation requirement could even result in the reopening of a file that had long ago been sent off to storage.
The Privacy Act also contains no provision requiring a correction to be propagated to the source of the error. When the source is an individual acting on his behalf this is probably unnecessary. But when the source is another agency, or another record system within the same agency, propagation can be an important safeguard against the repeated dissemination of inaccurate information.
Finally, it is frequently, and not illogically, assumed that correction of an error in an agency record automatically generates a review of any decision or determination that has been made on the basis of the erroneous information. Yet, as far as the Privacy Act alone is concerned, the assumption is unfounded; the Act contains no "right of reconsideration." That is, the Privacy Act by itself does not obligate an agency to reconsider or re-examine any decisions or determinations it has made about an individual on the basis of erroneous information, though statutory program requirements and constitutional due process standards may.
While the Commission staff encountered frequent comments on the question of whether or not a right of reconsideration ought to be included in the Act, the Commission reached no resolution of the issue. In most instances, a right of reconsideration is not needed in the Privacy Act, since an individual ordinarily has an avenue of administrative appeal in the program area for which the record in question is maintained. For example, once an individual has corrected his personnel record or his benefit eligibility record, he can employ existing administrative remedies to cause reconsideration of any decision or determination made on the basis of the previously inaccurate information. As records increasingly substitute for direct contact between an individual and an agency, however, and as the automatic propagation of corrections made by an agency on its own initiative becomes commonplace, it may be necessary to consider whether there are circumstances in which an individual should be notified that such a correction has been made so that he will be able to avail himself of the reconsideration rights and procedures available to him.
1. It should be noted that subsection 3(a)(3) of the Act defines "maintain" as including the terms "collect, use or disseminate." Consequently, any limitation on the maintenance of information carries with it an implicit limitation on collection.
2. U.S. Department of Labor, "1975 Annual Report on the Privacy Act of 1974," p. 6.
3. Federal Personal Data Systems Subject to the Privacy Act of 1974, Second Annual Report of the President, Calendar Year 1976, (hereinafter President's Second Annual Report), pp. 11, 12.
4. Program Research Staff Assistant, Research Division, Veterans Administration at the Privacy Protection Study Commission Staff Workshop on Research and Statistical Records, October 25, 1976.
5. Chief, Program and Policy Development Office, Bureau of the Census (U.S. Department of Commerce), at the Privacy Protection Study Commission Staff Workshop on Research and Statistical Records, October 25, 1976.
6. U.S. National Science Foundation, "1975 Annual Report on the Privacy Act of 1974," p. 5.
7. This practice is being contested under the Privacy Act in Robert Gang v. United States Civil Service Commission, Civil Action No. 76-1263, (D.D.C., 1976).
8. Privacy Protection Study Commission staff interview with the Assistant Chief, Division of Program Planning and Management, Bureau of Personnel Investigations, U.S. Civil Service Commission, May, 1977.
9. U.S. National Foundation on the Arts and Humanities, "1975 Annual Report on the Privacy Act of 1974," p. 4.
10. U.S. National Aeronautics and Space Administration, "1975 Annual Report on the Privacy Act of 1974," III, p. 4.
11. U.S. Department of Labor, "1975 Annual Report on the Privacy Act of 1974," III, p. 5.
12. For a further discussion of Section 7 and its impact, see Personal Privacy in an Information Society, Final Report of the Privacy Protection Study Commission (Washington, D.C.: U.S. Government Printing Office, 1977), Chapter 16.
13. President's Second Annual Report, p. 12.
14. U.S. Department of State, "1975 Annual Report on the Privacy Act of 1974," III(b), pp. 7-8.
15. U.S. Securities and Exchange Commission, "1975 Annual Report on the Privacy Act of 1974," p. 19.
16. U.S. National Aeronautics and Space Administration, op. cit., III, p. 2.
17. U.S. Civil Service Commission, "1975 Annual Report on the Privacy Act of 1974," III, p. 2.
18. U.S. Department of Defense, "1975 Annual Report on the Privacy Act of 1974," p. 32.
19. Canal Zone Government, "1975 Annual Report on the Privacy Act of 1974," III, p. 5.
20. U.S. Energy Research and Development Administration, "1975 Annual Report on the Privacy Act of 1974," III, p. 5.
21. For a discussion of the Family Educational Rights and Privacy Act of 1974 see Personal Privacy in an Information Society, op. cit., Chapter 10.
22. U.S. Social Security Administration (Department of Health, Education, and Welfare) "1975 Annual Report on the Privacy Act of 1974," p. 17.
23. U.S. Secret Service (Department of the Treasury), "1975 Annual Report on the Privacy Act of 1974," III, p. 1.
24. U.S. Office of Management and Budget, "Privacy Act Implementation: Guidelines and Responsibilities," (hereinafter, OMB Guidelines), 40 F.R. 28973 (July 9, 1975).
25. Ibid., p. 28974.
26. U.S. Department of Defense, op. cit., pp. 31-32.
27. U.S. National Foundation on the Arts and Humanities, op. cit., p. 3.
28. Letter from Herman G. Fleming, Privacy Act Officer, U.S. National Science Foundation, to the Privacy Protection Study Commission, October 26, 1976.
29. Letter from Thomas E. Malone, Associate Director for Extramural Research and Training, Public Health Service, U.S. National Institutes of Health, (Department of Health, Education, and Welfare), to the Privacy Protection Study Commission, February 1, 1976.
30. Ibid.
31. U.S. National Science Foundation, 1975 Annual Report, op. cit., p. 5.
32. U.S. National Aeronautics and Space Administration, op. cit., III, p. 3.
33. U.S. Bureau of Alcohol, Tobacco & Firearms (Department of the Treasury), "1975 Annual Report on the Privacy Act of 1974," pp. 1-2.
34. All the agencies at the Privacy Protection Study Commission October 29, 1976 Staff Workshop on Employment and Personnel Records said they did not publish their promotion files as systems of records. This included the Civil Service Commission; the Department of Defense; the Federal Aviation Administration (Department of Transportation); the General Services Administration; the Department of Health, Education, and Welfare; the National Bureau of Standards (Department of Commerce); the National Labor Relations Board; the Postal Service; the State Department; the Treasury Department; and the Veterans Administration.
35. U.S. Office of Management and Budget, Circular No. A-108, Transmittal Memorandum No. 2, "Reporting Instructions for the Annual Report to the Congress under the Privacy Act of 1974," March 25, 1975, p. 4.
36. U.S. Department of Defense, op. cit., p. 29.
37. Export-Import Bank of the United States, "1975 Annual Report on the Privacy Act of 1974," III, p. 1.
38. U.S. Department of the Interior, "1975 Annual Report on the Privacy Act of 1974," III, p. 5.
39. U.S. Department of Transportation, "1975 Annual Report on the Privacy Act of 1974," Office of the Secretary, III, p. 2.
40. U.S. Department of the Interior, op. cit.
41. Records Management Regulations Division Chief, Bureau of Personnel, U.S. Department of State, Privacy Protection Study Commission Staff Workshop on Employment and Personnel Records, October 29, 1976.
42. U.S. Drug Enforcement Administration (Department of Justice), "1975 Annual Report on the Privacy Act of 1974," II, p. 6.
43. U.S. Information Agency, "1975 Annual Report on the Privacy Act of 1974," III, p. 2.
44. U.S. Department of Housing and Urban Development, "1975 Annual Report on the Privacy Act of 1974," p. 6.
45. U.S. Department of Health, Education, and Welfare, "1975 Annual Report on the Privacy Act of 1974," p. 16.
46. In the President's 1976 annual report, however, OMB said that the number of systems had not been significantly reduced. (President's Second Annual Report, p. 21)
47. Agencies reporting such destruction included the Agriculture Department, the Community Services Administration (which reported destroying 129 cubic feet of such records), CSC, DOD, the Environmental Protection Agency, ERDA, the Federal Reserve Board, the Federal Power Commission, GSA, OMB, the Postal Rate Commission, the Department of Transportation, the Department of the Treasury, the International Trade Commission, and the Canal Zone Government.
48. U.S. National Aeronautics and Space Administration, op. cit., III, p. 1.
49. U.S. Community Services Administration, "1975 Annual Report on the Privacy Act of 1974," p. 4.
50. Letter from Fritz L. Puls, General Counsel, U.S. National Transportation Safety Board, to the Privacy Protection Study Commission, October 1, 1976.
51. U.S. International Trade Commission, "1975 Annual Report on the Privacy Act of 1974," p. 4.
52. The Social Security Administration reported the elimination of five information collection forms and the National Institutes of Health withdrew twenty. The Departments of Treasury and State, the Federal Reserve Board, NASA and the SEC also reported discontinuation of some information collection. Other agencies reporting a reduction in the amount of information they maintain included ERDA, the FAA, the National Science Foundation, the Department of the Navy, and the Overseas Private Investment Corporation (which reported a 2 to 3 percent reduction).
53. U.S. Civil Service Commission, op. cit., III, p. 1.
54. U.S. Department of Labor, op. cit., p. 5.
55. U.S. Department of Defense, op. cit., p. 23.
56. Briefing by the Department of Defense on Employment and Personnel Records for Dr. Alan F. Westin of Columbia University, August 9, 1976.
57. U.S. Veterans Administration, "1975 Annual Report on the Privacy Act of 1974," III, p. 4.
58. U.S. International Trade Commission, op. cit.
59. This program is one in which States may voluntarily participate. Its system of records contains information on 5.5 million drivers who have been denied a license or whose license has been revoked or suspended. Prior to the passage of the Privacy Act, individuals were unable to see their NDR records.
60. Privacy Protection Study Commission staff interview with the Privacy Act Coordinator, U.S. National Highway Traffic Safety Administration (Department of Transportation), August 26, 1976.
61. U.S. ACTION Agency, "1975 Annual Report on the Privacy Act of 1974," II, p. 4; Pennsylvania Avenue Development Corporation, "1975 Annual Report on the Privacy Act of 1974," II, p. 2.
62. U.S. Committee for Purchase from the Blind and Other Severely Handicapped, "1975 Annual Report on the Privacy Act of 1974," II, (d).
63. U.S. Federal Reserve Board, "1975 Annual Report on the Privacy Act of 1974," p. 3.
64. U.S. ACTION Agency, op. cit., III, p. 4.
65. Belair, op. cit., p. 486.
66. U.S. Pennsylvania Avenue Development Corporation, op. cit., III, p. 3.
67. Director, Evaluation and Systems Services, Office of Personnel, U.S. Veterans Administration at the Privacy Protection Study Commission Staff Workshop on Employment and Personnel Records, October 27, 1976.
68. Privacy Protection Study Commission staff interview with the Deputy Secretary to the Commission, U.S. Federal Trade Commission, October 7, 1976.
69. Reported at the Privacy Protection Study Commission Staff Workshop on Employment and Personnel Records, October 29, 1976.
70. Protecting Individual Privacy in Federal Gathering, Use and Disclosure of Information, Report of the Committee on Government Operations, U.S. Senate, 93rd Congress, 2nd Session, 1974, p. 54.
71. Ibid., p. 55.
72. U.S. National Bureau of Standards (Department of Commerce), Federal Information Processing Standards Publication No. 41, Computer Security Guidelines for Implementing the Privacy Act (May 30, 1975).
73. Privacy Protection Study Commission staff interview with the Chief, Information Management Division, Office of Organization and Management Systems, U.S. Department of Commerce, November 2, 1976.
74. U.S. Civil Service Commission, op. cit., II, p. 2.
75. U.S. Department of Defense, op. cit., p. 25.
76. Privacy Protection Study Commission staff interview with a Personnel Management Specialist, U.S. Federal Aviation Administration (Department of Transportation), October 12, 1976.
77. U.S. Overseas Private Investment Corporation, "1975 Annual Report on the Privacy Act of 1974," II, p. 1.
78. U.S. Drug Enforcement Assistance Administration (Department of Justice), op. cit., II, p. 2.
79. It established a task force on this issue and published its own Information Processing Standards Publication.
80. President's Second Annual Report, p. 23.
81. This is required by OMB, not by the Act itself. See U.S. Office of Management and Budget, Circular A-108, Transmittal Memorandum No. 1, New Systems Reports, 40 F.R. 45877-78 (October 3, 1976).
82. Office of the Federal Register, Privacy Act Issuances, 1976 Compilation, Volume 2, p. 471.
83. Ibid., p. 470.
84. U.S. Civil Service Commission, Federal Personnel Manual System Letter 711-126, December 30, 1976.
85. Belair, op. cit., pp. 503-04.
86. U.S. Interstate Commerce Commission, "System of Records," 41 F.R. 40430 (1975); 28 U.S.C. 534.
87. U.S. Department of State, 1975 Annual Report, op. cit., III, p. 8.
88. U.S. National Labor Relations Board, "1975 Annual Report on the Privacy Act of 1974," III, p. 3.
89. U.S. Civil Service Commission, 1975 Annual Report, op. cit., III, p. 3.
90. Ibid., p. 4.
91. U.S. Postal Service, "1975 Annual Report on the Privacy Act of 1974," III, p. 2.
92. U.S. Customs Service (Department of Treasury), "1975 Annual Report on the Privacy Act of 1974," p. 6.
93. U.S. Secret Service (Department of the Treasury), op. cit., III, p. 2.
94. U.S. Information Agency, op. cit., III, p. 3.
95. Testimony of Dr. Leonard T. Kurland, Mayo Clinic, Privacy Protection Study Commission Medical Records Hearings, June 11, 1976, pp. 569-70.
96. U.S. Federal Aviation Administration (Department of Transportation), "1975 Annual Report on the Privacy Act of 1974," III, p. 1.
97. U.S. Postal Service, op. cit., III, p. 1.
98. U.S. National Aeronautics and Space Administration, op. cit., p. 2.
99. U.S. Federal Bureau of Investigation (Department of Justice), "1975 Annual Report on the Privacy Act," pp. 7-8.
100. Reported in their 1975 annual reports by the Bureau of Engraving and Printing (Treasury Department); the Department of the Air Force (DOD); the Coast Guard (Department of Transportation) which continues to give out rank, base pay, duty station and telephone number without consent; TVA, which has discontinued the practice of suggesting candidates for employment without their written consent; GSA; the Consumer Product Safety Commission; the Federal Deposit Insurance Corporation; the Federal Maritime Commission; the Federal Reserve Board, which only gives out dates of employment and title without the individual's written consent; the International Trade Commission, which gives job title, grade, salary, and duty location in response to telephone inquiries; NASA, which only releases what it would be required to disclose under the FOIA; the National Credit Union Administration; the Occupational Safety and Health Review Commission; the Pennsylvania Avenue Development Corporation; the Export-Import Bank; the Council on Environmental Quality, which only gives title, length of employment and salary without the individual's written consent. The Federal Home Loan Bank Board has made such disclosure a routine use of the information in at least one of its systems of records.
101. U.S. Community Services Administration, op. cit., p. 4.
102. Privacy Act of 1974, Report of the Committee on Government Operations, U.S. House of Representatives, 93d Congress, 2nd Session, 1974, p. 14.
103. U.S. Community Services Administration, op. cit., p. 6.
104. Privacy Protection Study Commission staff interview with the U.S. Social Security Administration (Department of Health, Education, and Welfare), January 12, 1976.
105. Briefing by the Department of Defense on Employment and Personnel Records, op. cit.
106. This was reported by the National Bureau of Standards (Department of Commerce), the U.S. Postal Service; the National Labor Relations Board; the General Services Administration; the Department of Defense; the Coast Guard and the Federal Aviation Administration at the Department of Transportation; the Treasury Department; the Veterans Administration; and the Department of Health, Education, and Welfare at the Privacy Protection Study Commission Staff Workshop on Employment and Personnel Records, October 25, 1976.
107. Reported by a Personnel Management Specialist, Division of Personnel, U.S. Internal Revenue Service (Department of the Treasury), at the Privacy Protection Study Commission Staff Workshop on Employment and Personnel Records, October 29, 1976.
108. Infra, Chapter 3.
109. OMB Guidelines, p. 28956.