National Privacy Policy Message to the Congress on Proposals To Protect the Privacy of Individuals.
To the Congress of the United States:
I am announcing today sweeping proposals to protect the privacy of individuals.
"The right to be let alone," Justice Brandeis wrote 60 years ago, "is the right most valued by civilized men." That right is built into our Constitution, which forbids unwarranted searches of citizens and their homes. At the time the Constitution was written—a time when private conversations were conducted face-to-face or through the mail and most private records were kept at home—those protections seemed adequate.
The growth of society and technology has changed all that. We confront threats to privacy undreamed of 200 years ago. Private conversations are often conducted by telephone. Many personal records are held by institutions, such as banks and government agencies, and the Supreme Court has held that the individual has no constitutional rights over such records. Important judgments about people-such as the decision to extend credit or write an insurance policy—are often made by strangers, on the basis of recorded data.
Whenever we take out a loan, apply for insurance, receive treatment at a hospital, obtain government assistance, or pay our taxes, we add to the store of recorded information about our lives. That store is growing exponentially: in 1940, for example, 1.2 billion checks were written—in 1970 it was 7.2 billion. Personal information on millions of Americans is being flashed across the nation from computer to computer.
These changes are not the product of any plan to invade our privacy. They have developed naturally with the growth of our economy, the expansion of public and private institutions, the mobility of our citizens and the invention of computers and telecommunications systems.
Modern information systems are essential to our economy. They contribute to the comfort and convenience of our lives. But they can be misused to create a dangerously intrusive society.
Our challenge is to provide privacy safeguards that respond to these social changes without disrupting the essential flow of information.
Much has already been done. Laws are in place to restrict wiretapping. Last year Congress strengthened those protections by legislating restrictions on national security wiretaps. The Privacy Act of 1974 set rules for Federal agencies' record keeping. The Fair Credit Reporting Act and related Acts gave consumers the right to know information about themselves contained in the records of credit-reporting bureaus. The Family Educational Rights and Privacy Act gave students the right to see personal records held by educational institutions. Last year, the Congress passed the Financial Privacy Act, placing controls on Federal agencies' access to bank records.
These protections are a good beginning, but they were adopted piecemeal and have limited scope. It is time to establish a broad, national privacy policy to protect individual rights in the information age, as recommended by the Privacy Protection Study Commission.
I propose a privacy policy based on two principles:
• Fair Information Practices. Standards must be provided for handling sensitive, personal records. Individuals should be told what kind of information is being collected about them, how it will be used, and to whom it will be disclosed. They should be able to see and obtain a copy of the records and correct any errors. They should be told the basis for an adverse decision that may be based on personal data. And they should be able to prevent improper access to the records.
• Limits on the Government. Government access to and use of personal information must be limited and supervised so that power over information cannot be used to threaten our liberties.
The policy I am proposing will not disrupt the flow of information needed for legitimate business operations. Businesses gain by establishing good record-keeping systems and by keeping the trust of their customers and employees.
Nor will this policy prevent government agencies from collecting the information they need to enforce the laws. It will strengthen, not impede, the ability of reporters to cover the news. It will not impose heavy costs, and it will not create any new regulatory structures. Instead, it will establish a framework for private and government activity to prevent privacy abuses.
The responsibility for implementing this policy should be shared by the Federal government, by state and local governments, and by private institutions. I propose that the Federal government concentrate on improving its own activities and on setting standards for non-Federal record systems that contain particularly sensitive data and either involve Federal funding or require nationwide, uniform rules. We are submitting three bills to Congress today to address these areas, and a fourth major proposal will follow soon.
State and local governments should build on this base to ensure that their own record systems are properly protected. In addition, a key element of the policy I am proposing is voluntary action by private businesses and organizations.
I. FAIR INFORMATION PRACTICES
To establish privacy safeguards for key record systems, I have these proposals:
MEDICAL RECORDS
The "Privacy of Medical Information Act" is being submitted to you today. It establishes privacy protections for information maintained by almost all medical institutions. The Act will give individuals the right to see their own medical records. If direct access may harm the patient, the Act provides that access may be provided through an intermediary. This legislation allows the individual to ensure that the information maintained as part of his medical care relationship is accurate, timely, and relevant to that care. Such accuracy is of increasing importance because medical information is used to affect employment and collection of insurance and other social benefits.
The Act also limits the disclosure of medical information, and makes it illegal to collect medical information under false pretenses. The legislation allows disclosure when it is needed for medical care and other legitimate purposes, such as verifying insurance claims, and for research and epidemiological studies. In such cases, redisclosure is restricted.
FINANCIAL RECORDS
The Administration will soon submit the "Fair Financial Information Practices Act." This bill will expand the laws on consumer credit and banking records to provide full fair information protections. It will ensure that consumers are informed about firms' record keeping practices and thereby help them decide which firm to patronize. Specific requirements will be tailored to fit the varying information practices of the industries.
The bill will also provide, for the first time, national privacy standards for insurance records. This is a major step forward into an area where individuals have few such protections. The bill is not intended to change the existing pattern of regulating insurance at the state level, and it allows state regulators to oversee compliance. However, it will minimize the danger that a welter of differing state privacy standards will confuse the public and impose heavy costs on the insurance industry.
In addition, this bill will restrict disclosure of data from electronic funds transfer (EFT) systems. Although the emergence of EFT is relatively recent, its potential impact on our lives is enormous. Americans are benefitting from EFT in a variety of ways: automatic deposit of a paycheck in a bank account; automatic payment of a mortgage installment; cash dispensing machines; and so on. EFT terminals have the potential to supplant cash, checks and credit cards in a broad range of consumer transactions, from supermarket purchases to auto rentals. Such systems are efficient, but they pose major privacy problems. Not only do they contain extensive personal data on individuals, but they can be used to keep track of people's movements and activities. This legislation will erect safeguards against misuse of these systems while allowing flexibility for commercial and technological innovation.
RESEARCH RECORDS
Federally-supported research collection is vital for improved medical care, for cost-effective regulations, for economic analysis, and for many other purposes. In most cases, the information collected for these purposes is submitted voluntarily, is quite personal, and is collected on an express or implied pledge of confidentiality. That pledge is often essential to obtain individuals' cooperation in providing the information and ensuring its accuracy and completeness. However, in most cases there is no legal basis at present to guarantee the promise of confidentiality.
The "Privacy of Research Records Act" is being submitted today. This bill will ensure that personal information collected or maintained for a research purpose may not be used or disclosed in individually identifiable form for an action that adversely affects the individual.
We are also developing separate legislation to reduce the amount of information government collects in the first place through improved oversight and through carefully controlled sharing arrangements.
OTHER RECORD SYSTEMS
The Privacy Commission recommended against Federal legislation on employment records and proposed instead that employers be asked to establish voluntary policies to protect their employees' privacy. I agree.
Many employers are already adopting the standards established by the Commission. Business groups, including the Business Roundtable, the Chamber of Commerce, and the National Association of Manufacturers, are encouraging such voluntary action. I urge other employers to take similar action, and I have instructed the Secretary of Labor to work with employer and employee groups in the implementation of these standards.
The Commission did urge one piece of legislation in the employment area-limits on the use of lie detectors in private employment. Such legislation already has been introduced in this Congress, and I urge you to proceed favorably with it.
I also urge commercial credit grantors and reporting services to adopt voluntary fair information standards, to avoid any need for Federal legislation in this area.
It is critical that the privacy of those who receive public assistance and social services be adequately protected. I call upon the states to move forward with legislation to provide such protections, consistent with the Privacy Commission's recommendations and the need to prevent fraud in these programs. I have instructed the Secretary of Health, Education and Welfare to develop minimum privacy standards for these Federally funded programs.
I also urge the states to act on other state and local record systems, particularly those of criminal justice agencies.
II. FEDERAL GOVERNMENT ACTIVITIES
I am also announcing measures to strengthen safeguards on Federal investigations and record-keeping.
The bills on medical and financial records will ensure that the government obtains access to such records only for legitimate purposes. In most cases, the individual will be notified and given an opportunity to contest such access. I have these additional proposals:
GOVERNMENT ACCESS TO NEWS MEDIA FILES
The Supreme Court's decision last year in Zurcher v. Stanford Daily poses dangers to the effective functioning of our free press. I announced in December that we would develop legislation to protect First Amendment activities from unnecessarily intrusive searches while preserving legitimate law enforcement interests. Although regulations already restrict Federal officers' investigation of the news media, the problems raised by the Stanlord Daily case require new, stringent safeguards against Federal, state and local governmental intrusion into First Amendment activities.
I am submitting this legislation today. It will restrict police searches for documentary materials held by the press and by others involved in the dissemination of information to the public. With limited exceptions, the bill will prohibit a search for or seizure of "work product"—such as notes, interview files and film. For documents which do not constitute work product, the bill requires that the police first obtain a subpoena rather than a search warrant. This ensures that police will not rummage through files of people preparing materials for publication and that those subject to the subpoena have the opportunity to contest the government's need for the information.
WIRETAPPING
The privacy of personal communication is an important civil liberty. Americans are entitled to rely on that privacy, except where a legitimate and urgent law enforcement or national security purpose creates an overriding need. The fact that the person who is the target of surveillance is usually unaware of it argues for the tightest controls and for public accountability for the officials who authorize surveillance.
Title III of the Omnibus Crime Control and Safe Streets Act of 1968 governs the use of electronic surveillance of wire and oral communications except in matters involving foreign intelligence and counterintelligence. The National Commission for the Review of Federal and State Laws Relating to Wiretapping and Electronic Surveillance has studied the experience under Title III and has issued findings and recommendations.
I am transmitting to Congress today a letter which sets forth my detailed views concerning those recommendations. In general I endorse the recommended adjustments which would strengthen Title III's protections for individual privacy. I do not, however, support the recommendation to amend the law to allow Federal officials below the rank of Assistant Attorney General to apply to the courts for wiretaps. Such a change would diminish accountability and increase the danger of misuse. Also, I am not convinced that the list of criminal statutes for which electronic surveillance orders may be obtained should be expanded. I have asked the Attorney General to consult with the Secretary of the Treasury and with the Congress on those Commission recommendations.
FEDERAL RECORDS
The Federal Government holds almost four billion records on individuals, most of them stored in thousands of computers. Federally-funded projects have substantial additional files. This information is needed to run the social security system, collect taxes, conduct research, measure the economy, and for hundreds of other important purposes. Modern technology, however, makes it possible to turn this store into a dangerous surveillance system. Reasonable restrictions are needed on the collection and use of this information.
The Privacy Act of 1974 established privacy safeguards for Federal records. It prevents agencies from collecting certain kinds of information, such as information about political beliefs; requires public notice whenever a new data system is established; gives individuals the right to see and correct their records; and limits disclosure of personal information.
While the Privacy Act is working reasonably well and is too new to decide on major revisions, I have ordered a number of administrative actions to improve its operation.
We are issuing today final guidelines for Federal agencies on the use of "matching programs." These programs compare computerized lists of individuals to detect fraud or other abuses. Such programs are making an important contribution to reducing abuse of Federal programs and are thereby saving taxpayers' money. However, safeguards are needed to protect the privacy of the innocent and to ensure that the use of "matching" is properly limited. The guidelines, which were developed with public participation, will ensure that these programs are conducted:
• only after the public has been notified and given the opportunity to identify privacy problems;
• with tight safeguards on access to the data and on disclosure of the names of suspects identified by matching;
• only when there are no cost-effective, alternative means of identifying violators.
I have also directed that action be taken to:
• extend Privacy Act protections to certain data systems operated by recipients of Federal grants;
• strengthen administration of the "routine use" provision of the Privacy Act, which governs disclosures of personal information by Federal agencies;
• ensure that each Federal agency has an office responsible for privacy issues raised by the agency's activities;
• improve the selection and training of the system managers required by the Privacy Act;
• improve oversight of new Federal information systems at an early state in the planning process; and
• limit the amount of information the government requires private groups and individuals to report.
The Office of Management and Budget, as the unit responsible for overseeing Federal agency record-keeping, will implement these actions. I have assigned the Commerce Department's National Telecommunications and Information Administration to be the lead agency on other privacy matters and to work with Congress on the continuing development of privacy policy.
INTERNATIONAL PRIVACY ISSUES
The enormous increase in personal data records in the U.S. has been matched in other advanced countries. Throughout Western Europe, as well as in Canada, Australia, and Japan, records of personal data have grown at explosive rates. Our concerns about privacy are shared by many other governments.
International information flows, however, are increasingly important to the world's economy. We are, therefore, working with other governments in several international organizations to develop principles to protect personal data crossing international borders and to harmonize each country's rules to avoid needless disruption of international communications. Enactment of the proposals I have outlined will help speed this process by assuring other countries that the U.S. is committed to the protection of personal data.
Privacy is a permanent public issue. Its preservation requires constant attention to social and technological changes, and those changes demand action now.
I ask the Congress and the public to join me in establishing a comprehensive framework of reasonable privacy protections. Together we can preserve the right to privacy in the information age.
JIMMY CARTER
The White House,
April 2, 1979.
Jimmy Carter, National Privacy Policy Message to the Congress on Proposals To Protect the Privacy of Individuals. Online by Gerhard Peters and John T. Woolley, The American Presidency Project https://www.presidency.ucsb.edu/node/249574