Even though we're well past the filing-cabinet era and into the
Information Revolution, our privacy laws have not kept pace with the
change. New laws and guidelines are needed to preserve privacy
rights and oversee record-keeping practices in the public and
There is a template for new privacy laws that has existed since
Congress enacted the first - and still the only - specific federal
privacy legislation on the books, the Privacy Act of 1974. Passed in
the wake of the Watergate scandal, the law created the US Privacy
Protection Commission to determine the standards and procedures for
protecting personal information.
The report of the commission's two-year study remains, even
today, our most detailed analysis of privacy protection in public
and private sector record-keeping. Its principles could well be the
basis for new privacy laws.
The report's guiding philosophy was to minimize intrusiveness,
maximize fairness, and require enforceable accountability by record
keepers in government and business. The commission suggested:
outlawing any secret records; mandating an individuals' rights to
see and copy files of information about them anywhere; and providing
the legal right to correct inaccuracies.
Commissioners believed government and business could be self-
regulating in protecting personal information.
Unfortunately, this hasn't been the case. Indeed, 35 percent of
Fortune 500 companies responding to a recent University of Illinois
survey said medical records are used in making employment-related
decisions, and in 9 out of 10 cases the employees are not informed.
In the past, bureaucracy and physical limitations were the
unintended protectors of privacy. Most personal records accumulated
by government agencies, corporations, and institutions stayed within
those organizations simply because of the bulk of paper. Retrieving
one file out of a million was awkward and could take months. Because
storage of accumulated data was costly, much of it was destroyed
But now the transfer of vast amounts of information is nearly
instantaneous. Storage units are so tiny that it may cost less to
store data than to consume valuable computer time to destroy it.
Individuals must take the initiative to uncover their own records
and verify their accuracy. Even when an individual spots errors,
finding their origin is difficult because sources of information
aren't usually clearly noted. It's also impossible for an individual
to know whether organizations honor any assumed confidentiality.
When individuals do know that a record is being abused or suspect an
error in it, they rarely know how to exercise what limited rights
The Privacy Act set up certain constraints on federal agencies. …