Federal Privacy Law Needs Immediate Update

Article excerpt

Even though we're well past the filing-cabinet era and into the Information Revolution, our privacy laws have not kept pace with the change. New laws and guidelines are needed to preserve privacy rights and oversee record-keeping practices in the public and private sectors.

There is a template for new privacy laws that has existed since Congress enacted the first - and still the only - specific federal privacy legislation on the books, the Privacy Act of 1974. Passed in the wake of the Watergate scandal, the law created the US Privacy Protection Commission to determine the standards and procedures for protecting personal information.

The report of the commission's two-year study remains, even today, our most detailed analysis of privacy protection in public and private sector record-keeping. Its principles could well be the basis for new privacy laws.

The report's guiding philosophy was to minimize intrusiveness, maximize fairness, and require enforceable accountability by record keepers in government and business. The commission suggested: outlawing any secret records; mandating an individuals' rights to see and copy files of information about them anywhere; and providing the legal right to correct inaccuracies.

Commissioners believed government and business could be self- regulating in protecting personal information.

Unfortunately, this hasn't been the case. Indeed, 35 percent of Fortune 500 companies responding to a recent University of Illinois survey said medical records are used in making employment-related decisions, and in 9 out of 10 cases the employees are not informed.

In the past, bureaucracy and physical limitations were the unintended protectors of privacy. Most personal records accumulated by government agencies, corporations, and institutions stayed within those organizations simply because of the bulk of paper. Retrieving one file out of a million was awkward and could take months. Because storage of accumulated data was costly, much of it was destroyed over time.

But now the transfer of vast amounts of information is nearly instantaneous. Storage units are so tiny that it may cost less to store data than to consume valuable computer time to destroy it.

Individuals must take the initiative to uncover their own records and verify their accuracy. Even when an individual spots errors, finding their origin is difficult because sources of information aren't usually clearly noted. It's also impossible for an individual to know whether organizations honor any assumed confidentiality. When individuals do know that a record is being abused or suspect an error in it, they rarely know how to exercise what limited rights they have.

The Privacy Act set up certain constraints on federal agencies. …