
the extent to which they are consistent with the rights of privacy, due process of law, and other guarantees in the Constitution;

(B) determine to what extent governmental and private information systems affect Federal-State relations or the principle of separation of powers;

(C) conduct a thorough examination of standards and criteria governing programs, policies, and practices relating to the collection, soliciting, processing, use, access, integration, dissemination, and transmission of personal information;

(D) to the maximum extent practicable, collect and utilize findings, reports, and recommendations of major governmental, legislative and private bodies, institutions, organizations, and individuals which pertain to the problems under study by the Commission; and

(E) receive and review complaints with respect to any matter under study by the Commission which may be submitted by any person.

REPORTS

SEC. 107. The Commission shall, from time to time, and in an annual report, report to the President and the Congress on its activities in carrying out the provisions of this Act.

TITLE II-STANDARDS AND MANAGEMENT SYSTEMS FOR HANDLING INFORMATION RELATING TO INDIVIDUALS

SAFEGUARD REQUIREMENTS FOR ADMINISTRATIVE, INTELLIGENCE, STATISTICAL-REPORTING, AND RESEARCH PURPOSES

SEC. 201. (a) Each Federal agency shall

(1) collect, solicit, and maintain only such personal information as is relevant and necessary to accomplish a statutory purpose of the agency;

(2) collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs; and

(3) inform any individual requested to disclose personal information whether that disclosure is mandatory or voluntary, by what statutory authority it is solicited, what uses the agency will make of it, what penalties and specific consequences for the individual, which are known to the agency, will result from nondisclosure, and what rules of confidentiality will govern the information.

(b) Each Federal agency that maintains an information system or file shall, with respect to each such system or file

(1) insure that personal information maintained in or disseminated from the system or file is, to the maximum extent possible, accurate, complete, timely, and relevant to the needs of the agency;

(2) refrain from disclosing any such personal information within the agency other than to officers or employees who have a need for such personal information in the performance of their duties for the agency;

(3) maintain a list of all categories of persons authorized to have regular access to personal information in the system or file;

(4) maintain an accurate accounting of the date, nature, and purpose of all other access granted to the system or file, and all other disclosures of personal information made to any person outside the agency, or to another agency, including the name and address of the person or other agency to whom disclosure was made or access was granted, except as provided by section 202 (b) of this Act;

(5) establish rules of conduct and notify and instruct each person involved in the design, development, operation, or maintenance of the system or file, or the collection, use, maintenance, or dissemination of information about an individual, of the requirements of this Act, including any rules and procedures adopted pursuant to this Act and the penalties for noncompliance;

(6) establish appropriate administrative, technical and physical safeguards to insure the security of the information system and confidentiality of personal information and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom personal information is maintained; and

(7) establish no program for the purpose of collecting or maintaining information describing how individuals exercise rights guaranteed by the first amendment unless the head of the agency specifically determines that such program is required for the administration of a statute which the agency is charged with administering or implementing.

(c) Any Federal agency that maintains an information system or file shall—

(1) make available for distribution upon the request of any person a statement of the existence and character of each such system or file;

(2) on the date on which this Act becomes effective and annually thereafter, notify the Commission and give public notice of the existence and character of each existing system or file simultaneously, and cause such notice to be published in the Federal Register; and

(3) include in such notices at least the following information:

(A) name and location of the system or file;

(B) nature and purposes of the system or file;

(C) categories of individuals on whom personal information is maintained and categories of personal information generally maintained in the system or file, including the nature of the information and the approximate number of individuals on whom information is maintained;

(D) the confidentiality requirements and the extent to which access controls apply to such information;

(E) categories of sources of such personal information;

(F) the Federal agency's policies and practices regarding implementation of sections 201 and 202 of this Act, information storage, duration of retention of information, and elimination of such information from the system or file;

(G) uses made by the agency of the personal information contained in the system or file;

(H) identity of other agencies and categories of persons to whom disclosures of personal information are made, or to whom access to the system or file may be granted, together with the purposes therefor and the administrative constraints, if any, on such disclosures and access, including any such constraints on redisclosure;

(I) procedures whereby an individual can (i) be informed if the system or file contains personal information pertaining to himself or herself, (ii) gain access to such information, and (iii) contest the accuracy, completeness, timeliness, relevance, and necessity for retention of the personal information; and

(J) name, title, official address, and telephone number of the officer immediately responsible for the system or file.

(d) (1) Each Federal agency that maintains an information system or file shall assure to an individual upon request the following rights:

(A) to be informed of the existence of any personal information pertaining to that individual;

(B) to have full access to and right to inspect the personal information in a form comprehensible to the individual;

(C) to know the names of all recipients of information about such individual including the recipient organization and its relationship to the system or file, and the purpose and date when distributed, unless such information is not required to be maintained pursuant to this Act;

(D) to know the sources of the personal information, or where the confidentiality of such sources is required by statute, the right to know the nature of such sources;

(E) to be accompanied by a person chosen by the individual inspecting the information, except that an agency or other person may require the individual to furnish a written statement authorizing discussion of that individual's file in the person's presence;

(F) to receive such required disclosures and at reasonable standard charges for document duplication, in person or by mail, if upon written request, with proper identification; and

(G) to be completely informed about the uses and disclosures made of any such information contained in any such system or file except those uses and disclosures made pursuant to law or regulation permitting public inspection or copying.

(2) Upon receiving notice that an individual wishes to challenge, correct, or explain any personal information about him in a system or file, such Federal agency shall comply promptly with the following minimum requirements:

(A) investigate and record the current status of the personal information;

(B) correct or eliminate any information that is found to be incomplete, inaccurate, not relevant, not timely or necessary to be retained, or which can no longer be verified;

(C) accept and include in the record of such information, if the investigation does not resolve the dispute, any statement of reasonable length provided by the individual setting forth his position on the disputed information;

(D) in any subsequent dissemination or use of the disputed information, clearly report the challenge and supply any supplemental statement filed by the individual;

(E) at the request of such individual, following any correction or elimination of challenged information, inform past recipients of its elimination or correction; and

(F) upon a failure to resolve a dispute over information in a system or file, at the request of such individual, grant a hearing before an official of the agency, which shall be conducted as follows:

(i) such hearing shall be held within thirty days of the request at which time the individual may appeal with counsel, present evidence, and examine and cross-examine witnesses;

(ii) any record found after such a hearing to be incomplete, inaccurate, not relevant, not timely nor necessary to be retained, or which can no longer be verified, shall within thirty days of the date of such findings be appropriately modified or purged; and

(iii) the action or inaction of any agency on a request to review and challenge personal data in its possession as provided by this section shall be reviewable by the appropriate United States district court.

(e) When a Federal agency provides by a contract, grant, or agreement the specific creation or substantial alteration of an information system or file and the primary purpose of the grant, contract, or agreement is the creation or substantial alteration of such an information system or file, the agency shall, consistent with its authority, cause the requirements of subsections (a), (b), (c), and (d) to be applied to such system or file. In cases when contractors and grantees or parties to an agreement are public agencies of States or the District of Columbia or public agencies of political subdivisions of States, the requirements of subsections (a), (b), (c), and (d) shall be deemed to have been met if the Federal agency determines that the State or the District of Columbia or public agencies of political subdivisions of the State have adopted legislation or regulations which impose similar requirements.

(f) (1) Any Federal agency maintaining or proposing to establish a personal information system or file shall prepare and submit a report to the Commission, the General Services Administration, and to the Congress on proposed data banks and information systems or files, the proposed significant expansion of existing data banks and information systems or files, integration of files, programs for records linkage within or among agencies, or centralization of resources and facilities for data processing, which report shall include

(A) the effects of such proposals on the rights, benefits, and privileges of the individuals on whom personal information is maintained;

(B) a statement of the software and hardware features which would be required to protect security of the system or file and confidentiality of information;

(C) the steps taken by the agency to acquire such features in their systems, including description of consultations with representatives of the National Bureau of Standards; and

(D) a description of changes in existing interagency or intergovernmental relationships in matters involving the collection, processing, sharing, exchange, and dissemination of personal information.

(2) The Federal agency shall not proceed to implement such proposal for a period of sixty days from date of receipt of notice from the Commission that the proposal does not comply with the standards established under or pursuant to this Act.

(g) Each Federal agency covered by this Act which maintains an information system or file shall make reasonable efforts to serve advance notice on an individual before any personal information on such individual is made available to any person under compulsory legal process.

(h) No person may condition the granting or withholding of any right, privilege, or benefit, or make as a condition of employment the securing by any individual of any information which such individual may obtain through the exercise of any right secured under the provisions of this section.

DISCLOSURE OF INFORMATION

SEC. 202. (a) No Federal agency shall disseminate personal information unless

(1) it has made written request to the individual who is the subject of the information and obtained his written consent;

(2) the recipient of the personal information has adopted rules in conformity with this Act for maintaining the security of its information system and files and the confidentiality of personal information contained therein; and

(3) the information is to be used only for the purposes set forth by the sender or the recipient pursuant to the requirements for notice under this Act.

(b) Section 201 (b) (4) and section 202 (a) (1) shall not apply when disclosure would be

(1) to those officers and employees of that agency who have a need for such information in ordinary course of the performance of their duties;

(2) to the Bureau of the Census for purposes of planning or carrying out a census or survey pursuant to the provisions of title 13, United States Code;

(3) where the agency determines that the recipient of such information has provided advance adequate written assurance that the information will be used solely as a statistical research or re
