[ table of contents ] [ next section ]

VII. The Privacy Act of 1974


The Privacy Act of 1974 provides safeguards against an invasion of privacy through the misuse of records by Federal agencies. In general, the act allows a citizen to learn how records are collected, maintained, used, and disseminated by the Federal Government. The act also permits an individual to gain access to most personal information maintained by Federal agencies and to seek amendment of any inaccurate, incomplete, untimely, or irrelevant information.

The Privacy Act applies to personal information maintained by agencies in the executive branch of the Federal Government. The executive branch includes cabinet departments, military departments, government corporations, government controlled corporations, independent regulatory agencies, and other establishments in the executive branch. Agencies subject to the Freedom of Information Act are also subject to the Privacy Act. The Privacy Act does not generally apply to records maintained by State and local governments or private companies or organizations.\31\

The Privacy Act only grants rights to U.S. citizens and to aliens lawfully admitted for permanent residence. As a result, a nonresident foreign national cannot use the act's provisions. However, a nonresident foreign national may use the FOIA to request records about himself or herself.

In general, the only records subject to the Privacy Act are records that are maintained in a system of records. The idea of a "system of records" is unique to the Privacy Act and requires explanation.

The act defines a "record" to include most personal information maintained by an agency about an individual. A record contains individually identifiable information, including but not limited to information about education, financial transactions, medical history, criminal history, or employment history. A "system of records" is a group of records from which information is actually retrieved by name, Social Security number, or other identifying symbol assigned to an individual.

Some personal information is not kept in a system of records. This information is not subject to the provisions of the Privacy Act, although access may be requested under the FOIA. Most personal information in government files is subject to the Privacy Act.

The Privacy Act also establishes general records management requirements for Federal agencies. In summary, there are five basic requirements that are most relevant to individuals.

First, each agency must establish procedures allowing individuals to see and copy records about themselves. An individual may also seek to amend any information that is not accurate, relevant, timely, or complete. The rights to inspect and to correct records are the most important provisions of the Privacy Act. This Guide explains in more detail how an individual can exercise these rights.

Second, each agency must publish notices describing all systems of records. The notices include a complete description of personal data recordkeeping policies, practices, and systems. This requirement prevents the maintenance of secret record systems.

Third, each agency must make reasonable efforts to maintain accurate, relevant, timely, and complete records about individuals. Agencies are prohibited from maintaining information about how individuals exercise rights guaranteed by the first amendment to the U.S. Constitution unless maintenance of the information is specifically authorized by statute or by the individual or relates to an authorized law enforcement activity.

Fourth, the act establishes rules governing the use and disclosure of personal information. The act specifies that information collected for one purpose may not be used for another purpose without notice to or the consent of the subject of the record. The act also requires that each agency keep a record of some disclosures of personal information.

Fifth, the act provides legal remedies that permit an individual to seek enforcement of the rights granted under the act. In addition, Federal employees who fail to comply with the act's provisions may be subjected to criminal penalties.


\31\ The Privacy Act applies to some records that are not maintained by an agency. Subsection (m) of the act provides that, when an agency provides by contract for the operation of a system of records on its behalf, the requirements of the Privacy Act apply to those records. As a result, some records maintained outside of a Federal agency are subject to the Privacy Act. Descriptions of these systems are published in the Federal Register. However, most records maintained outside of Federal agencies are not subject to the Privacy Act.