History of the Privacy Act of 1974

The following material is from:

The Privacy Act of 1974 A Reference Manual for Compliance by Aruthur A. Bushkin and Samuel I. Schaen, published by System Development Corporation (McLean, Virginia), 1975

Roots of the Privacy Act of 1974 can be traced as far back as 1965 when hearings were held by the House of Representatives Special Subcommittee on Invasion of Privacy. Since then, several congressional committees have held numerous hearings and issued a number of reports on such topics as national data banks, commercial credit bureaus, and the effect of computers on personal privacy.

One of the more significant influences on the Privacy Act (as well as on other Federal, state, and local privacy legislation) was the Report of the Secretary's Advisory Committee on Automated Data Systems commissioned by the Department of Health, Education and Welfare.  This report, entitled Records, Computers, and the Rights of Citizens, recommended a "Code of Fair Information Practice" consisting of five basic principles: [HEW Rept., p 41]

1. "There must be no data record-keeping systems whose very existence is secret."  This has been reflected in the Privacy Act by provisions requiring the publication of an annual public notice in the Federal Register, as well as public notices for changes to an existing system of records or the establishment of a new system of records.

2. "There must be a way for an individual to find out what information about him is in a record and how it is used." Provisions of the Act permit an individual to view and receive a copy of any record(s) about him contained in a system of Federal records whose disclosure is not exempted by a provision of the Act. In addition, an individual may request to see a disclosure accounting for his record(s) in order to determine how information about him has been used.

3. "There must be a way for an individual to prevent information about him obtained for one purpose from being used or made available for other purposes without his consent."  Agencies are prohibited by the Act from disclosing information for uses not compatible with the purposes for which the information was collected unless prior written consent of the individual has been obtained.

4. "There must be a way for an individual to correct or amend a record of identifiable information about him." Embodied in the Act are provisions specifying procedures which must be implemented by agencies for handling requests from an individual to amend his record or to review an initial adverse decision on a request to amend his record.

5. "Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take reasonable precautions to prevent misuse of the data." Under the Act, agencies are required to ensure that information is accurate, relevant, timely, and complete and that appropriate administrative, technical, and physical safeguards exist to ensure the security and confidentiality of that information.

After extensive hearings in each chamber, on November 21, 1974, the Senate passed S. 3418, as interpreted by Senate Report 93-1183, while on December 11, 1974, the House of Representatives passed H.R. 16373, as interpreted by House Report 93-1416. These two bills contained a number of differences which were resolved after informal discussions between members of each chamber. The most notable areas of compromise were:

A compromise privacy bill incorporating all of the approved amendments was drafted at these informal discussions. With slight modifications, it was this compromise bill which was passed by both the House and the Senate, and subsequently signed by the President as Public Law 93-579, the Privacy Act of 1974. The law amends Chapter 5 of Title 5 of the United States Code dealing with Administrative Procedures by inserting a new section 552a.

Of particular import with regard to interpretation of the Privacy Act is the absence of any formal conference report by a conference committee. Normally, after the conferees have reached an agreement on all proposed amendments, their recommendations are incorporated in a report which is signed by a majority of the conferees and entered into the House and Senate records with the adoption of the compromise bill.  Due to the impending close of the 93rd session of Congress, however, there was no formal conference committee in the case of the Privacy Act. As a result, an analysis of the compromise amendments, as agreed upon by selected members of the two chambers during the informal discussions, was prepared by various staff members as an alternative to a conference report. Copies of this analysis, with several (possibly significant) differences, were inserted into the Congressional Record, in the Senate by Senator Sam J. Ervin, Jr. on December 17, 1974 and in the House by Representative William S. Moorhead on December 18, 1974. As a result, when investigating the legislative history of the Privacy Act, both the House and the Senate analyses of the compromise amendments must be considered.

Finally, in order to facilitate the workings of the Privacy Act, section 6 of the Act directs the Office of Management and Budget (OMB) to develop guidelines for use by the agencies in the implementation of the Act.