relevant in the Information Sharing Environment (ISE)
This list of Federal statutes is generally organized in descending order of approximate relative importance of these laws to the work in the ISE. Staff at State, local and tribal fusion centers will find these Federal authorities useful in understanding the constraints upon Federal colleagues and Federal information systems. This list does not contain all possibly relevant Federal statutes. State laws are not covered.
|Terrorism as a Crime
||State Privacy Laws
|While terrorism is a Federal crime, some states have enacted their own anti-terrorism statutes. (January 2003 summary)
||While the Privacy Act described below is a Federal law, some states have state constitutional privacy provisions, privacy offices, and/or state statutes protecting privacy. (Partial listing)
|Source: The National Conference of State Legislatures
Background. “The historical context of the Act is important to an understanding of its remedial purposes: In 1974, Congress was concerned with curbing the illegal surveillance and investigation of individuals by federal agencies that had been exposed during the Watergate scandal; it was also concerned with potential abuses presented by the government’s increasing use of computers to store and retrieve personal data by means of a universal identifier — such as an individual’s social security number.” Dept. of Justice, Overview of the Privacy Act of 1974, 2010 Edition. Also see GAO reports on Federal Agency Efforts to Encrypt Sensitive Information, Protecting Personally Identifiable Information (PII), Alternatives for Enhancing Protection of PII, and Key Privacy Challenges Facing Federal Agencies.
General Provisions. “Broadly stated, the purpose of the Privacy Act is to balance the government’s need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from federal agencies’ collection, maintenance, use, and disclosure of personal information about them…. The Act focuses on four basic policy objectives:
- To restrict disclosure of personally identifiable records maintained by agencies.
- To grant individuals increased rights of access to agency records maintained on them.
- To grant individuals the right to seek amendment of agency records maintained on themselves upon a showing that the records are not accurate, relevant, timely, or complete.
- To establish a code of 'fair information practices' which requires agencies to comply with statutory norms for collection, maintenance, and dissemination of records.” Dept. of Justice, Overview of the Privacy Act of 1974, 2010 Edition.
Amendments. The Privacy Act was amended by the Computer Matching and Privacy Act of 1988. Congress later enacted the Computer Matching and Privacy Protection Amendments of 1990 (Pub. L. No. 101-508), which further clarified the due process provisions found in subsection (p). Dept. of Justice, Overview of the Privacy Act of 1974, 2010 Edition.
Privacy and Other Civil Liberties Implications. The Privacy Act “protects certain federal government records pertaining to individuals. In particular, the Act covers systems of records that an agency maintains and retrieves by an individual’s name or other personal identifier (e.g., social security number)…. In general, the Privacy Act prohibits unauthorized disclosures of the records it protects. It also gives individuals the right to review records about themselves, to find out if these records have been disclosed, and to request corrections or amendments of these records, unless the records are legally exempt.” Federal Trade Commission summary of the Privacy Act. The agency has ten days to either make the correction or to notify the requestor that the correction will not be made. 5 U.S.C. § 552a(d).
Exemptions to the Privacy Act protections are allowed for:
- the Census Bureau,
- the Bureau of Labor Statistics,
- routine uses (referring to external sharing of information outside the agency)
- archival purposes if the record has sufficient historical value,
- law enforcement purposes,
- congressional investigations, and
- other administrative purposes. 5 U.S.C. § 552a(b).
The Act requires agencies to “keep an accurate accounting” of information disclosures, except when the disclosure is made within the agency for routine administrative uses or made under the Freedom of Information Act (FOIA). The Act requires “each agency that maintains a system of records” to restrict the collection of information to only the information relevant to the purpose, to ensure the information remains accurate, to collect information directly from the subject whenever possible, and to tell the subject the purpose for which the information is being collected and the authority under which it is being collected. 5 U.S.C. § 552a(e).
Computer Matching and Privacy Act of 1988, 5 U.S.C. § 552a(b). Amended the Privacy Act of 1974 to address the use of records in automated matching programs.
Background and General Provisions. "The Computer Matching and Privacy Protection Act of 1988 amended the Privacy Act to add several new provisions. These provisions add procedural requirements for agencies to follow when engaging in computer-matching activities; provide matching subjects with opportunities to receive notice and to refute adverse information before having a benefit denied or terminated; and require that agencies engaged in matching activities establish Data Protection Boards to oversee those activities." Dept. of Justice, Overview of the Privacy Act of 1974, 2010 Edition; See 5 U.S.C. § 552a(a)(8)-(13), (e)(12), (o), (p), (q), (r), (u).
Privacy and Other Civil Liberties Implications. "Each agency that proposes to establish or make a significant change in a system of records or a matching program shall provide adequate advance notice of any such proposal (in duplicate) to the Committee on Government Operations of the House of Representatives, the Committee on Governmental Affairs of the Senate, and the Office of Management and Budget in order to permit an evaluation of the probable or potential effect of such proposal on the privacy or other rights of individuals." 5 U.S.C. § 552a(r).