The Privacy Act 1974 enacted on December 31, 1974, was established to introduce the fair information processing. Under this law, fall the collection, maintenance, use, and dissemination of information about individuals that is retained in the system of records by federal agencies.
This is the basic privacy act in United States that covers numerous internet, data security and privacy laws in US.
The records maintained are under the control of agency the information of an individual is gained or information is linked to an individual through an identifier.
According to the Privacy Act, the agencies are required to disclose the system of records by a public notice in the Federal Register citation.
This Act restricts any display of user information from the system of records if the written consent of a user is absent. In such case, the records could only be disclosed if they are pursuant to twelve legal exceptions.
The Privacy Act 1974 also allows the users to seek access to their records and for the amendment of this information. Also, the individuals can set forth different agency record-maintaining requirements. The people are able to find out the records which are previously disclosed and are also provided with the right to make correction.
Exemptions For Data Disclosure
As it is clearly mentioned in the Privacy Act that;
“No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.”
There are certain exemptions according to which the user’s data disclosure is legalized.
- For analytical purposes by the Census Bureau and the Bureau of Labor Statistics.
- For regular uses by the US governmental agency.
- For the purpose of law enforcement.
- To continue with the congressional investigations.
- For other administrative purposes.
- To meet the archival requirements with the record that has adequate historical or other value to justify the regular preservation by US government.
Other than these conditions, every United States government agency should have an administrative and physical security system to prevent any unauthorized release of individual’s personal information.
The Privacy Act regulates the records of every individual but the Privacy Act only applies to the information maintained by an agency. Therefore, the courts, executive components, non-agency government entities maintained data is not subject to the provision in the Privacy Act and there is no authorization to these records.
Recent Changes by President Trump
Recently, on January 25, 2017, President Donald Trump has signed the executive orders which remove the Privacy Act protections for non-citizens or foreigners. “Privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information” to the extent consistent with applicable law.” This was the section 14 of Trump’s “Enhancing Public Safety” executive orders which instruct Federal Agencies to ensure to comply with the law.
Under this law, there are many laws regarding the U.S internet, data security and privacy such as Electronic Communications Privacy Act (ECPA), Computer Fraud And Abuse Act (CFAA), Cyber Intelligence Sharing And Protection Act (CISPA), Children’s Online Privacy Protection Act (COPPA), etc.