The Privacy Act of 1974 (Title 5, U.S. Code, Section 552a) establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals. The purpose of the law is to balance the government’s need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy from the collection and disclosure of these records by federal agencies. Unlike the Freedom of Information Act, the Privacy Act is not a disclosure Act.
The Privacy Act allows individuals – a citizen of the U.S. or an alien lawfully admitted to the U.S. for permanent residence – to request records that are retrievable by name and/or personal identifiers, it also allows individuals to use a representative to make a request on their behalf and/or to request records on the behalf of a minor child or someone who is mentally incompetent if they are that person’s legal guardian or are acting in their best interest.
The focus of the Act is on four basic policy objectives:
- To restrict disclosures of personally identifiable records maintained by agencies,
- To grant individuals increased rights of access to agency records maintained on themselves,
- To grant individuals the right to seek amendment of agency records maintained on themselves, upon a showing that the records are not accurate, relevant, timely or complete, and
- To establish a code of “fair information practices” that requires agencies to comply with statutory norms for collection, maintenance, and dissemination of records.
The Act applies only to federal agencies in the executive branch of the federal government (including the Executive Office of the President) such as the Department of Justice (DOJ) and as part of the DOJ, the DEA. Generally, the Act does not apply to state and local governments or to private companies, unless such entities are involved in a computer matching program with the federal government or are under contract to maintain an agency-approved system of records for an agency. A system of records is a group of records in the agency’s control from which information is retrieved by a unique identifier-such as a name, date of birth, home address, Social Security number, or some other identifying number or symbol. Only U.S. citizens and aliens lawfully admitted to permanent residence may request access to copies of, or correction of their personal information being maintained by the federal government that is not timely, accurate, relevant or complete. The Privacy Act requires that agencies give the public notice of their systems of records by publication in the Federal Register.
Records kept on individuals that are not relevant by a unique identifier are not subject to the Act. The Act provides that agencies may not maintain information on individuals about how they exercise their first Amendment rights, unless maintenance of that information is specifically authorized by statute or release to a law enforcement entity.
The Act requires each agency to maintain only information about an individual that is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by executive order of the President and to collect information to the greatest extent practicable directly from the individual.