cannot protect himself from its misappropriation, misapplication or misuse. Both government and private enterprise need direction, because many of their practices and policies have developed on an isolated, ad hoc basis.

The House Republican Task Force on Privacy has investigated the following general areas involving the investigation and recording of personal activities and information: government surveillance, federal information collection, social security numbers and universal identifiers, census information, bank secrecy, consumer reporting, school records, juvenile records, arrest records, medical records, and computer data banks. These inquiries have resulted in the development of general suggestions for legislative remedies. Each statement is accompanied by a set of findings.

All findings and recommendations are presented with the intent of being consistent with these general principles:

1. there should be no personal information system whose existence is secret; 2. information should not be collected unless the need for it has been clearly established in advance;

3. information should be appropriate and relevant to the purpose for which it has been collected;

4. information should not be obtained by fraudulent or unfair means;

5. information should not be used unless it is accurate and current;

6. there should be a prescribed procedure for an individual to know the existence of information stored about him, the purpose for which it has been recorded, particulars about its use and dissemination, and to examine that information;

7. there should be a clearly prescribed procedures for an individual to correct, erase, or amend inaccurate, obsolete, or irrelevent information;

8. any organization collecting, maintaining, using, or disseminating personal information should assure its reliability and take precautions to prevent its misuse;

9. there should be a clearly prescribed procedure for an individual to prevent personal information collected for one purpose from being used for another purpose without his consent; and

10. the Federal Government should not collect personal information except as expressly authorized by law.

Each recommendation of the Task Force seeks to contribute to a broader, more intelligent, viable understanding of the need for a renewed concern for personal privacy. An awarenes of personal privacy must be merged with the traditional activities of the free marketplace and the role of the government as a public servant. The Task Force respectfully commends this report to your attention.

SURVEILLANCE

The Task Force is deeply disturbed by the increasing incidence of unregulated, clandestine government surveillance based solely on administrative or executive authority. Examples of such abuses include wiretapping, bugging, photographing, opening mail, examining confidential records and otherwise intercepting private communications and monitoring private activities. Federal government surveillance is widely known and feared, but state and local government, military intelligence and police activities also must be regulated.

The Fourth Amendment of the Constitution clearly specifies "the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures." The First Amendment guards against abridgement of the rights of free speech, free press, and assembly for political purposes. The Fourteenth Amendment states that none of a citizen's rights may be taken from him by governmental action without the due process of law.

The direct threat to individual civil liberties is obvious in those cases in which a person is actually being monitored, but even more alarming is the "chilling effect" such activities have on all citizens. A person who fears that he will be monitored may, either subconsciously or consciously, fail to fully exercise his constitutionally guaranteed liberties. The mere existence of such fear erodes basic freedoms and cannot be accepted in a democratic society.

The various abuses of discretionary authority in the conduct of surveillance provide ample evidence that current safeguard mechanisms do not work. Procedures allowing the executive branch to determine whether a surveillance activity is proper or not pose certain conflict of interest questions.

Considerable confusion currently surrounds the question of who is authorized to approve and permit the usurpation or abrogation of a citizen's constitutional

rights to privacy. To eliminate the present ambiguity, the Task Force recommends that new legislation be enacted immediately to prohibit any employee or agent of the government (federal, state or local) from intercepting or monitoring the private communications of any American citizen except in cases where express approval of such activity has been granted in advance by a court of jurisdiction. As is the case presently with court-ordered wiretaps, "probable cause" will have to be shown before approval can be obtained. No agent of the government should have the authority to conduct any surveillance without first obtaining a court order.

The Task Force believes that this proposal would not lessen the capabilities of the government to protect and defend the American people, but would go a long way toward assuring the individual citizen that his constitutional rights will not be abridged by government without due process of law.

FEDERAL INFORMATION COLLECTION

Recently, there has been a pronounced increase in federal data and information collection. Over 11.5 million cubic feet of records were stored in Federal Records Centers at the beginning of FY 1973. Accompanying this increase has been a rise in the potential for abuse of federal information collection systems.

The Federal Reports Act of 1942 was enacted to protect individuals from overly burdensome and repetitive reporting requirements. The agency entrusted with the responsibility for implementing the Act has ignored the legislative mandate and failed to hold a single hearing or conduct any investigations. With the exception of the Bureau of the Census and the Internal Revenue Service, there are few restrictions on the collection or dissemination of confidential information compiled by federal agencies.

The Task Force recommends that the Office of Management and Budget immediately begin a thorough review and examination of all approved government forms and eliminate all repetitive and unnecessary information requirements.

Legislation setting down clear guidelines and spelling out restrictions is needed to protect the individual from unrestricted and uncontrolled information collection. Individuals asked to provide information must be apprised of its intended uses. Individuals supplying information which will be made public must be notified of that fact at the time the information is collected or requested. Public disclosure (including dissemination on an intra- or inter-agency basis) of financial or other personal information must be prohibited to protect the privacy of respondents.

Returning the use of the Social Security Number (SSN) to its intended purpose (i.e. operation of old-age, survivors, and disability insurance programs) is a necessary corollary to safeguarding the right of privacy and curtailing illegal or excessive information collection.

The use of the Social Security Number has proliferated to many general items including state driver licenses, Congressional, school and employment identification cards, credit cards and credit investigation reports, taxpayer identification, military service numbers, welfare and social services program recipients, state voter registration, insurance policies and records and group health records.

There are serious problems associated with the use of the SSN as a standard universal number to identify individuals. A standard universal identifier will relegate people to a number status, thereby increasing feelings of alienation and anomie. The SSN's growing use as an identifier and filing number is already having a negative, dehumanizing effect upon many citizens. In addition, the use of a standard universal identifier by all types of organizations enables the linking of records and the tracking of individuals from cradle to grave. This possibility would negate the right to make a "fresh start", the right of anonymity, and the right to be left alone.

A well-developed Standard Universal Identifier system would require a huge, complex bureaucratic apparatus to control it and demand a strict system of professional ethics for information technicians. The technology needed to protect against unauthorized use has not yet been adequately researched and developed. A loss or theft would seriously compromise a system and official misappropriation could become a political threat.

The reasons against allowing the continued or expanded use of the SSN as an identification or general filing number are too great to allow its unrestricted use. Translated into congressional action, the following steps should be taken:

1. legislation should be enacted that sets guidelines for use of the SSN by limiting it to the operation of old-age, survivors, and disability insurance programs, or as required by federal law;

2. any Executive Orders authorizing federal agencies to use SSNs should be repealed, or alternatively, reevaluated and modified;

3. legislation should be enacted restricting the use of the SSN to well-defined uses, and prohibiting the development, and use of any type of Standard Universal Identifier until the technical state of the computer can ensure the security of such a system. At that time, a SUI system should have limited applicability and should be developed only after a full congressional investigation and mandate; and

4. new government programs should be prohibited from incorporating the use of the SSN or other possible SUI. Existing programs using the SSN without specific authorization by law must be required to phase out their use of the SSN. State and local governmental agencies, as well as the private sector, should follow this same course of action.

CENSUS BUREAU

The greatest personal data collection agency is the Bureau of Census. Created to count the people in order to determine congressional districts, this agency has mushroomed into a vast information center which generates about 500,000 pages of numbers and charts each year.

Under penalty of law, the citizen is forced to divulge intimate, personal facts surrounding his public and private life and that of his entire family. These answers provide a substantial personal dossier on each American citizen. The strictest care must be taken to protect the confidentiality of these records and ensure that the information is used for proper purposes.

The Census Bureau sells parts of its collected data to anyone who wishes to purchase such information. Included are all types of statistical data that are available on population and housing characteristics. As the questions become more detailed and extensive, broad-scale dissemination becomes more threatening and frightening. When used in combination with phone directories, drivers' license and street directories, census data may enable a person to identify individuals. Therefore, it is vitally important that rules and regulations governing the access and dissemination of this collected data be reviewed, clarified and strengthened.

Legislation is needed to guarantee the confidentiality of individual information by amplifying the scope of existing law and by increasing the severity of punishment for divulging confidential information. These provisions should be specifically directed at the officers and employees of the Bureau of Census, all officers and employees of the Federal government and private citizens who wrongfully acquire such information. In addition, the Bureau of the Census must use all available technological sophistication to assure that individuals cannot be inductively identified.

FINANCIAL INFORMATION

On October 26, 1970, sweeping legislation known as the Bank Secrecy Act became law. The Act's intention was to reduce white collar crime by making records more accessible to law enforcement officials. However, in accomplishing its purpose, it allowed federal agencies to seize and secure certain financial papers and effects of bank customers without serving a warrant or showing probable cause. The Act's compulsory recordkeeping requirements, by allowing the recording of almost all significant transactions, convert private financial dealings into the personal property of the banks. The banks become the compilers and custodians of financial records which, when improperly used, enable an individual's entire lifestyle to be tracked down.

The general language of the Act allowed bureaucrats to ignore the intent of the law and neglect to institute adequate privacy safeguards. The Supreme Court then affirmed this distortion by upholding the constitutionality of both the law itself and the bureaucratic misinterpretation of it.

Congress must now take action to rectify its original mistake. Specifically, banks should be prohibited from recording and making a permanent record of all but major personal transactions. In addition, the disclosure of a customer's records should occur only:

1. if the customer specifically authorizes such disclosure; or

2. if the financial institution is served with a court order directing it to comply, which is issued after the customer is notified and has had an opportunity to challenge the subpoena or summons.

Passage of such legislation would be an important step forward in reaffirming the individual's right to privacy.

CONSUMER REPORTING

The consumer reporting industry, through its network of credit bureaus, investigative agencies, and other reporting entities is in growing conflict with individual privacy. Most Americans eventually will be the subject of a consumer report as a result of applyng for credit, insurance, or employment. The problem is one of balancing the legitimate needs of business with the basic rights of the individual.

Consumer reports fall into two categories. First, there are the familiar con-sumer reports which contain "factual" information on an individual's credit record-where accounts are held, how promptly bills are paid. 100 million consumer reports are produced each year by some 2600 credit bureaus.

Secondly, investigative consumer reports go beyond factual information to include subjective opinions of the individual's character, general reputation, personal characteristics, or mode of living. These are often obtained through interviews with neighbors, friends, ex-spouses and former employers. An estimated 30 to 40 million such reports are produced annually.

The Fair Credit Reporting Act. The first Federal attempt at regulating the collection and reporting of information on consumers by third-party agencies came in 1970 with the enactment of the Fair Credit Reporting Act (FCRA). In theory, the Act had three main objectives: to enable consumers to correct inaccurate and misleading reports; to preserve the confidentiality of the informa-tion; and to protect the individual's right to privacy.

The specific safeguards provided by the FCRA are: A consumer adversely affected because of information contained in a consumer report must be so notified and given the identity of the reporting agency. The consumer is entitled to an oral disclosure of the information contained in his file and the identity of its recipients. Items disputed by the consumer must be deleted if the information cannot be reconfirmed. The consumer may have his version of any disputed item entered in his file and included in subsequent reports.

The FCRA needs to be strengthened in two major areas: disclosure requirements and investigative reports. The individual should be entitled to actually see and inspect his file, rather than rely on an oral presentation. Further, he should be allowed to obtain a copy of it by mail (the consumer is often geographically distant from the source of the file). Users of consumer reports should be required to specifically identify the information which triggered any adverse action.

The FCRA protects the sources used in investigative reports. The Task Force believes that this is contrary to the basic tenets of our system of justice and that the information source must be revealed upon the subject's request. Furthermore, the Task Force recommends that advance written authorization be required from any individual who is the subject of an investigative report for any purpose.

SCHOOL RECORDS

The recent increase in popular awareness of the seriousness of the privacy issue has been accompanied by an increase in the general concern over loose, unstructured and unsupervised school recordkeeping systems and associated administrative practices. There has also been general discussion about what information should be kept on a child and considered part of his or her "record". Parents are frequently denied access to their own child's record, or are prohibited from challenging incorrect or misleading information contained in his file. At the same time, incidents of highly personal data being indiscriminately disseminated to inquirers unconnected with the school system are not uncommon. Remedial measures are available to the Congress in the form of legislative actions. The sanctions under which such provisions would operate, however, are the key to their effectiveness. The Task Force proposes that federal funds be withheld from any state or local educational agency or institution which has the policy of preventing parents from inspecting, reviewing, and challenging

the content of his or her child's school record. Outside access to these school records must be limited so that protection of the student's right to privacy is ensured. It is recommended that the release of such identifiable personal data outside the school system be contingent upon the written consent of the parents or court order.

All persons, agencies, or organizations desiring access to the records of a student must complete a written form indicating the specific educational need for the information. This information shall be kept permanently with the file of the student for inspection by parents of students only and transferred to a third party only with written consent of the parents. Personal data should be made available for basic or applied research only when adequate safeguards have been established to protect the students' and families' rights of privacy.

Whenever a student has attained eighteen years of age, the permission or consent required of and the rights accorded to the parents should be conferred on the student.

Finally, the Secretary of HEW should establish or designate an office and review board within HEW for the purpose of investigating, processing, reviewing, and adjudicating violations of the provisions set forth by the Congress.

JUVENILE RECORDS

The Task Force supports the basic philosophy underlying the existence of a separate court system for juvenile offenders, which is to avoid the stigmatizing effect of a criminal procedure. The lack of confidentiality of such proceedings and accompanying records subverts this intent and violates the individual's basic right of privacy.

Most states have enacted laws to provide confidentiality. Yet the Task Force finds that due to a lack of specific legislation, and contrary to the intent of the juvenile justice system, the individual's right of privacy is often routinely violated. Juvenile records are routinely released to the military, civil service, and often to private employers as well. This occurs in cases in which the hearing involves non-criminal charges, in cases of arrest but no court action, in cases in which the individual is no longer under the jurisdiction of the juvenile court, and in cases where his file has been administratively closed.

Legislation governing the confidentiality of juvenile court and police records varies widely from state to state. Only 24 states control and limit access to police records, therefore enabling a potential employer who is refused access to court records to obtain the information from the police. Only 16 states have expungement laws providing for the destruction of such records after a specified period of good behavior. Only 6 states make it a crime to improperly disclose juvenile record information. And, one state, Iowa, in fact provides that juvenile records must be open to the public for inspection. The Task Force finds that even in those states whose laws provide adequate protection, actual practices are often inconsistent with legislation.

Many new questions about confidentiality, privacy and juvenile rights are being raised, and the Task Force finds that the establishment of safeguards has lagged significantly behind technological developments. For example, presently no state has enacted legislation regulating the use of computers in juvenile court; as a rule, each system establishes its own guidelines for data collection, retention, and distribution.

The Task Force finds that with the use of computers, the juvenile's right to privacy is additionally threatened by the increased accessibility to his record and therefore increased possibility of misuse. Staff carelessness, less than strict adherence to rules of limited access, and electronic sabotage must now be added to the existing threats to the juvenile's right to privacy.

The Task Force recommends the establishment of minimum federal standards for state laws to include the following provisions:

1. All records of the juvenile court and all police records concerning a juvenile shall be considered confidential and shall not be made public. Access to these records shall be limited to those officials directly connected with the child's treatment, welfare, and rehabilitation.

2. Dissemination of juvenile records, or divulgence of that information for employment, licensing, or any other purpose in violation of statutory provisions shall be subject to a criminal penalty.

3. To protect the reformed delinquent from stigma continuing into his adult life, provisions should provide a procedure for either the total destruction or