Bill summaries are authored by CRS.

Shown Here:
Passed Senate amended (11/22/1974)

(LATEST SUMMARY)

=Title I: Privacy Protection Commission= - Establishes, as an independent agency, the Privacy Protection Commission.

Requires the Commission to: (1) investigate and report violations of this Act to specified sources; (2) review reports of agencies describing proposed information systems or data banks or significant expansions of such to determine their effect on the privacy and other rights of individuals; and (3) submit findings and recommendations concerning legislative and administrative action relative to such proposals in order to meet the purposes and requirements of this Act.

Provides that if the Commission determines and reports to the Congress that a proposal to establish or modify a data bank or information system does not comply with the standards established by or pursuant to this Act, the Federal agency submitting such report shall not proceed to establish or modify any such data bank or information system for a period of sixty days from the date of receipt of notice from the Commission that such data bank or system does not comply with such standards.

Empowers the Commission to conduct such inspections, hold hearings, take such testimony, require by subpena the attendance of such witnesses and the production of such records and documents, administer such oaths, and make such expenditures as the Commission deems advisable.

Empowers the Commission to adopt, amend, and repeal rules and regulations governing the manner of its operations, organization, and personnel.

Requires the Commission to make a study of the data banks, automated data processing programs, and information systems of governmental, regional, and private organizations, in order to determine the standards and procedures in force for the protection of personal information, and to determine the extent to which those standards and procedures achieve the purposes of this Act.

Requires the Commission to examine and analyze: (1) interstate transfer of information about individuals which is being undertaken through manual files or by computer or other electronic or telecommunications means; (2) data banks and information programs and systems the operation of which significantly or substantially affect the enjoyment of the privacy and other personal and property rights of individuals; and (3) the use of social security numbers, license plate numbers, universal identifiers, and other symbols to identify individuals in data banks and to gain access to, integrate, or centralize information systems and files.

=Title II: Standards and Management Systems for Handling Information Relating to Individuals= - Directs each Federal agency to: (1) collect, solicit, and maintain only such personal information as is relevant and necessary to accomplish a statutory purpose of the agency; (2) collect information to the greatest extent practicable directly from the subject individual; and (3) inform any individual requested to disclose personal information whether that disclosure is mandatory or voluntary.

Requires a Federal agency that maintains an information system or file to, with respect to each such system or file: (1) insure that personal information maintained in the system or file is accurate, complete, timely, and relevant to the purpose for which it is collected or maintained by the agency at the time any access is granted to the file, material is added to or taken from the file, or at any time it is used to make a determination affecting the subject of the file; (2) refrain from disclosing any such personal information within the agency other than to officers or employees who have a need for such personal information in the performance of their duties for the agency; (3) maintain an accurate accounting of the date, nature, and purpose of all other access granted to the system or file, and all other disclosures of personal information made to any person outside the agency or to another agency; (4) establish appropriate administrative, technical and physical safeguards to insure the security of the information system, and confidentiality of personal information; and (5) establish no program for the purpose of collecting or maintaining information describing how individuals exercise rights guaranteed by the first amendment unless the head of the agency specifically determines that such information is relevant and necessary to carry out a statutory purpose of the agency.

Directs such agencies to make available the identity of other agencies and categories of persons to whom disclosures of personal information are made, or to whom access to the system or file may be granted, together with the purposes therefor; and procedures whereby an individual can be informed if the system or file contains personal information pertaining to himself or herself, gain access to such information and contest the accuracy, completeness timeliness, relevance, and necessity for retention of the personal information.

Requires Federal agencies, upon challenge by an individual, to: (1) investigate and record the current status of the personal information; and (2) correct or eliminate any information that is found to be incomplete, inaccurate, not relevant to a statutory purpose of the agency, not timely or necessary to be retained, or which can no longer be verified.

States that no Federal agency shall disseminate personal information unless: (1) it has made written request to the individual who is the subject of the information and obtained his written consent; (2) the recipient of the personal information has adopted rules in conformity with this Act for maintaining the security of its information system and files and the confidentiality of personal information contained therein; and (3) the information is to be used only for the purposes set forth by the sender pursuant to the requirements for notice under this Act.

Provides that specified requirements of this Act shall not apply to any personal information contained in any information system or file if the head of the Federal agency determines, in accordance with the provisions of this Act, that the application of such provisions would seriously damage national defense or foreign policy or where the application of any of such provisions would seriously damage or impede the purpose for which the information is maintained.

Requires that whenever any Federal agency undertakes to exempt any information system, file, or information from the provisions of this Act, the head of such Federal agency shall promptly notify the Commission of its intent and afford the Commission opportunity to comment.

=Title III: Miscellaneous= - Defines terms used in this Act.

Sets forth criminal and civil penalties for violations of this Act.

Prescribes a moratorium on specified uses of Social Security numbers.