STATEMENT OF THOMAS S. MC FEE DEPUTY ASSISTANT SECRETARY FOR MANAGEMENT PLANNING AND TECHNOLOGY DEPARTMENT OF HEALTH, EDUCATION, AND WELFARE BEFORE THE FOREIGN OPERATIONS AND GOVERNMENT INFORMATION SUBCOMMITTEE OF THE COMMITTEE ON GOVT

UNCLASSI Flftprovecnr Ifib 2002/09/03: CIA-RDf M60MIR~9130010-9 ^ SECRET ^ u USE ONLY ROUTING AND RECORD SHEET OLC TO: (Officer designation, room number, and building) 25X1A 25X OS (1 DDO RAB/I1DM&S (61- OFFICER'S INITIALS COMMENTS (Number each comment to show from whom to whom. Draw a line across column after each comment.) Attached HEW comments for your review. Excellent analysis, particularly as bill affects non- sensitive holdings, e. g. , personn 1 and medical records. The Committee staff does not consider our comments necessary, but we may want to do so where it serve our interest. OMB accepted our suggested change agreed to at our meeting yesterday. Hopefully, our langua e will be included in the draft to be circulated tomorrow. OMB has requested that we direct our report to the Committee to all three bills. I am preparing a first draft accordingly. If you have any comments on H. R. 13872 (Abzug), please advise me soonest. 25X1A AsI Approved For Releas$ 2002/0/03 : CIP -RDP76It400527R000700130010-9 USE PREVIOUS FORM EDITIONS 610 7_A') ^ SECRET ^ CONFIDENTIAL ^ USEE ONLY ^ UNCLASSIFIED  FOR RELEASE UPON DELIVERY Approved For Release 2002/09/03: CIA-RDP76M00 -9 DEPA'.-trMENT OF HEALTH, EDUCATION, AND WELFARE STATEMENT OF THOMAS S. MC FEE DEPUTY ASSISTANT SECRETARY FOR MANAGEMENT PLANNING AND TECHNOLOGY DEPARTMENT OF HEALTH, EDUCATION, AND WELFARE BEFORE THE FOREIGN OPERATIONS AND GOVERNMENT INFORMATION SUBCOMMITTEE OF THE COMMITTEE ON GOVERNMENT OPERATIONS HOUSE OF REPRESENTATIVES TUESDAY, FEBRUARY 26, 1974 Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 Mr. Chairman and Members of the Subcommittee: I am Thomas S. McFee, Deputy Assistant Secretary for Management Planning and Technology in the Office of the Assistant Secretary for Administration and Management, Department of Health, Education, and Welfare. I am accom- panied by Mr. Frank Samuels, who is Deputy Assistant Secre- tary for Congressional Liaison and Mr. David B.H. Martin, who is a Special Assistant to the Secretary and serves as head of our Fair Information Practice Staff. The Depart- ment is pleased to respond through me to your request for comments on H.R. 12206, a bill to amend Title 5 of the United States Code by adding immediately after Section 552 thereof a new section 552a. entitled Individual records. As you know, the Department is very sympathetic to the objectives of this proposed legislation. We have, for some time, been concerned particularly about the impacts on the rights of citizens resulting from computerized record- keeping. In. fact, it was this concern that led former Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 2 Secretary . Elliot. L. Richardson to establish the Advisory Committee on Automated Personal Data Systems. This Com- mittee, whose report, Records, Computers, and the Rights of Citizens, was issued last July and endorsed by Secretary Caspar W. Weinberger, recommended that the Congress enact a Code of Fair Information Practice. The objectives of H.R. 12206 are consistent with many of the principles set forth by the Advisory Committee. The Department is moving to implement as many of the recommendations of this Committee as possible. We have recently established a Fair Information Practice Staff that has picked up from the work of the Advisory Committee and is presently laying out an overall plan of action for the Department. We are sure you recognize that the implementa- tion of such far-reaching recommendations in an organiza- tion as complex and as large as HEW, requires careful planning and a commitment fr9m the top management of the Department. In establishing the new staff, Secretary Weinberger said, and I quote: "Until the implementation plan to be developed ...has been approved, the recommendations in the [Advisory Committee] report should be re- garded as general guidance for all offices and agencies of the Department. No action at vari- ance with any recommendation in the report should be taken in regard to any program, activ- ity or data system managed or funded by HEW with- out first obtaining my explicit approval." Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 3 It is the intention of the Department to develop a permanent institutional capability for the Department not only to implement the recommendations of the Advisory Committee report, but to assure continuous application of fair infor- mation practice safeguard re=quirements to the on-going management operations of the Department. It was for this reason that the Secretary chose to locate the new Fair Information Practice Staff as part of my office. The Office of Management Planning and Technology is charged with the overall policy direction of the Department's management and organizational systems. It is our purpose to ensure that the Department makes use of the most modern technological advances in the administration of its programs. We think it is appropriate that the Fair Information Practice Staff be located in this office: to be in the main stream of management policy-making within the Department, to impact on future legislative proposals with information systems implications; and to be at the core of the technical expertise that must be made sensitive to the need for safeguards for personal privacy. The Staff is independent of the other functions of my office, and I have charged it with main- taining a consciousness of the societal impacts of our technological applications. The Advisory Committee's concept of "fair information practice" is cast in the form of safeguard requirements for each of two major categories of automated personal data Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 4 systems: (i) administrative systems, which are used to affect individuals as individuals; and (ii) statistical- reporting and research systems which are not intended to have a direct effect on any given individual. The Advisory Committee was concerned mainly with computer-accessible records, but we see no reason why its recommendations could not also be applied to non-automated (manual) records. The concept of "fair information practice" on which the Advisory Committee's recommendations are based is not fully articulated in the subject bill. However, some of its provisions do resemble certain safeguard requirements proposed in the Advisory Committee's report. For this reason, and because of the Department's commitment to carrying out the Advisory Committee's recommendations, our comments on the bill will be made in the light of the Committee's report. All page references to the report are to the Government Printing Office edition of Records, Com- uters, and the Rights of Citizens, a copy of which has been sent to each member of the Congress. In the course of this statement, I shall speak of provisions of the bill and refer to them by their designation in the bill as provisions of its proposed new section 552a, and with page and line references to the bill. Scope of the Bill At the outset, we would like to offer two observations on the scope of the bill. First, the use of the word Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  5 Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 '"person" in Subsection 552(a) (line 8, page 1) would appear to make the bill apply not only to records about individuals but also to records about all types of organizations and associations. This results from the definition in paragraph (2) of section 551 of Title 5, United States Code, which establishes the meaning of the word "person" as used in subchapter II of Title 5 (to which the bill's proposed new Section 552a would be added). By this definition "person" includes not only an individual but also a partnership, corporation, association, and public or private organization other than a Federal agency. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 We are inclined to believe that it would be preferable for the bill to apply only to records about individuals. The situation of organizations with respect to records that contain trade secrets, financial data, or information whose disclosure might adversely affect their reputations is not the same as the situation-of individuals with respect to information recorded about themselves. Depending on the circumstances, records about organizations may deserve protections commensurate with the protections afforded records about individuals. As a general rule; however, the interests that must be balanced in deciding how records about organizations are to be treated are different than those that must be taken into consideration when records about individuals are at issue. Thus, it is our view that the two types of records should be dealt with separately in separate legislative initiatives. The second observation we would offer is that the bill draws no distinction between administrative records and records that are used exclusively for statistical-reporting and research, even though the two types of records are functionally very different. Administrative records, by definition, are created and used to affect individuals directly, i.e., for making determinations relating to people's qualifications,' character, status, rights, opportunities, or benefits as individuals. Statistical-reporting and research records Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 on the other hand, although they may contain individually identifiable information, are not intended to be used to affect individuals directly. For any given individual to be harmed by the information contained in a statistical- reporting or research record, the record would have to be used for some purpose other than that for which it was originally created. Given this central functional distinction between the two types of records, it is clear that if the requirements of H.R. 12206 were made applicable to records maintained exclusively for statistical-reporting and research, they would grievously interfere with the conduct of statistical- reporting and research activities--to no useful end. If an agency can guarantee that a record it maintains about an individual will be used only for statistical-reporting and research, nothing will be gained (and indeed a great deal of time and effort may be lost) if the individual is per- mitted to see and copy the record at will. By the same token, if it can be assured that a record about an individ- ual will never be available for any purpose other than statistical reporting and research, it becomes superfluous to require that every access to the record be duly noted so that the individual presumably can be told, if he asks, by whom and for what purposes the record has been used. Most important, if individuals are permitted to alter information Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 about themselves in statistical-reporting and research re- cords (if they are permitted, for example, to revise or up- date their responses on a survey questionnaire), the value of such records for analysis is likely to be greatly dimin- ished. In sum, we urge that the same considerations that led the Secretary's Advisory Committee to treat statistical- reporting and research records differently from administra- tive records (Chapters IV and VI of the Committee's report), also require excluding from the scope of H.R. 12206 records that are maintained exclusively for statistiical-reporting and research, and which, by law, cannot be used for any other purpose. Useful guidance on. appropriate safeguards for statistical-reporting and research records will be found in Chapter VI of the report of the Secretary's Advisory Committee. Operative Provisions of the Bill Consistent with our observations on the practicable scope of the bill, we have confined our comments on H.R. 12206 to its provisions as they would apply to the administrative records that government agencies maintain about identifiable individuals. That is, our comments are made as if records about organizations and records used exclusively for statis- tical reporting and research were not included within the scope c =pp .oli,]Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 9 Notice of the Existence of a Record An earlier version of the bill, viz. H.R. 667, contained a provision that would have required each agency that main- tains or is about to maintain a record concerning an identi- fiable individual to so notify the individual by mail. We are pleased to see that this requirement has been omitted from H.R. 12206, because we believe that it would entail substantially greater cost and administrative burden than is necessary to assure that no individual is prevented from finding out whether an agency maintains a record about him. The Advisory Committee's report suggests alternative approaches to assuring that an individual is able to learn of the existence of records about himself. These approaches are described in 11(9), the Public Notice Requirement (pp. 57-58, 87, 99-101), and safeguard requirement 111(2), the right of an individual to be informed, upon his request, whether he is the subject of a record (p. 59). The Public Notice Requirement would oblige each govern- ment agency that maintains records containing personal data to publish, and have available for distribution, a notice containing the following information about the pertinent record-keeping system: - The name of the system; The nature and purposes of the system; The categories and number of persons on whom data are maintained; Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved. For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 10 - The categories of data maintained, indicating which categories are stored in computer-accessible files; - The agency's policies and practices regarding data storage, duration of retention of data, and disposal thereof; - The categories of data sources; - A description of all types of use made of data, indicating those involving computer-accessible files, and including all classes of users and the organi- zational relationships among them; The procedures whereby an individual can (i) be informed if he is the subject of data in the system; (ii) gain access to such data; and (iii) contest their accuracy, completeness, pertinence, and the necessity for retaining them; - The title, name, and address of the person immediately responsible for the system. In addition, safeguard requirement 111(2) would obligate the agency to inform an individual, who asks to know, whether he is the subject of data in the system and, if he is, to make such data fully available to him, if he wants to see it, in a form that will be readily comprehensible to him. We believe that these two safeguard requirements, in combination, would provide an effective means of enabling Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 11 an individual to learn that a government agency maintains a record of information about him. We suggest'that the Ad- visory Committee's recommended Public Notice Requirement might be enacted as an addition to subdivision (a)(1) of Section 552 of Title 5, United States Code (the so-called Freedom of Information Act). If this were done, however, it would be essential for subsection (c) of Section 552 to be amended simultaneously so as to assure that the exemp- tions therein provided would not apply to the Public Notice Requirement, and would therefore not constitute a means of contravening the cardinal principle of fair information practice, viz., that there Iust be no personal-data record- keeping system whose very existence is secret. Although the suggested means of accommodating the public notice requirement is only one of several possibilities, we do feel it vital that the change suggested, or an equivalent change, be incorporated in the present bill. Requiring a Public Notice of this kind would not only make possible the compilation of a "Citizen's Guide to Files" along the lines suggested in the report of the National Academy of Sciences Project on Computer Databanks. [Alan F. Westin (Project Director) and Michael A. Baker (Assistant Project Director), Databanks in a Free Society (New York: Quadrangle Books), 1972, pp. 362-864.1, but might also fulfill the objective Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R00070013001.0-9 of subdivision (c) of H.R. 12206, which now requires the President to report annually to'the Congress on the number of records and files to which the exemptions provided in subdivision (d)(1)-(2) are considered to apply. Notification of Disclosure The bill contains a provision, subdivision (a)(1)(A) (lines 4-16, page 2), requiring that an individual (or his family or guardian) be notified by an agency maintaining a record about him of any disclosure of information from that record to another agency or to any person not employed by the agency. We are very skeptical about the utility of this provision. It seems to assume that unless an indi- vidual receives actual notification of every disclosure of information about himself to someone or some agency outside the agency in whose custody the information resides, he will not know of such disclosures. We believe that this is un- realistic. We agree that an individual should be able to know what disclosures and uses are being made of record in- formation about him. However, we believe this goal can be effectively achieved by requirements that would be much less burdensome than this provision. For example, the disclosing agency could. simultaneously be required (i) to publish and have available for distribution a notice describing each record system in which it maintains personal record infor- mation and the types of uses and disclosures that are made of such information, and (ii) to respond affirmatively to a Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 request by an individual that he be notified of the particu- lar uses and disclosures that have been made of his record. This is the approach taken by the Advisory Committee through its safeguard requirement 11(9), the Public Notice Require- ment, coupled with its safeguard requirement III(4), which permits an individual to be informed, upon-his request, of all uses made of data about him. The Advisory Commit- tee's safeguard requirement 111(3) would further require that the individual's informed consent be explicitly ob- tained (not just that he be notified) before any use of individually identifiable data is made which is not within the stated purposes of the system as reasonably understood by the individual. The Advisory Committee's approach to apprising an indi- vidual of disclosures of record information about himself seems to us an effective means of accommodating both the individual's interest in knowing when and to whom informa- tion about him is disclosed and the disclosing agency's interest in assuring that the functions for which it main- tains records about individuals are not uselessly encumbered. In one single operation of the Social Security Administration, for example, transfers of information from the earnings re- cords of approximately 1 million individuals are made each quarter to the State agencies that administer the unemployment compensation program. If each year those 1 million individuals had to be notified 4 times, the resulting blizzard of paper Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 14 would not only innundate the mails and substantially increase the operating costs of the Social Security Administration, but it would also be contrary, we strongly suspect, to the reasonable expectations and preferences of most of the indi- viduals involved. The bill also contains a provision, subdivision (a)(1)(B) (lines 17-21, page 2), which requires that if a record must be disclosed under Section 552 (the Freedom of Information Act), the individual "concerned shall be notified by mail at his last known address of any such required disclosure." This requirement seems to us too broad. In its present form, the Freedom of Information Act contains only one dis- closure requirement to which the bill's provision (and the Advisory Committee's safeguard requirement 111(3), viz., that an individual's prior, explicit, informed consent be obtained before disclosing any data from a record about him if such disclosure is not within the stated purposes of the system as reasonably understood by the individual) would seem pertinent. Subdivision (a)(3) of the Act requires each agency to make available identifiable records upon request subject to an exemption from the requirement for each of nine cate- gories of "matters" listed in the Act's subsection (b). Seven of these exemptions are discretionary with the agency. One, exemption (5), is for "personnel and medical files and Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 15 similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy." Noting that the Freedom of Information Act fails to provide for participation by an individual in a decision by an agency to release information about him which the agency might otherwise withhold under one of the discre- tionary exemptions, the Advisory Committee recommended that the Act be amended to require an agency to obtain the consent of an individual before disclosing in personally identifiable form exempted-category data about him, unless the disclosure is within the pur- poses of the system as specifically required by statute. (pp. 64-66) We suggest that the Advisory Committee's recommendation would be preferable to the bill's provision. It accepts the fact that there are records about individuals which are "public," i.e., disclosable to the public either be- cause of a specific statutory requirement or because they are subject to the general disclosure requirement of the Freedom of Information Act, and do not fall within one of the Act's exempted categories. As to such "public records," the Advisory Committee's view was that the individual need not necessarily be notified, at the agency's initiative, nor need his consent to the disclosure necessarily be obtained. Rather, an individual need only be afforded the right to learn, upon his request, that information in such records has been disclosed--a right that would be guaranteed by the Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R00070013001&-% Advisory Commir.. ;;4's recommended sr4fp guard requirements 1 (6) , that a record of all disclosures be kept, and III(4), that the individual be informed of all disclosures if-and-when he asks to know. (p. 62) (p.56) Access by Agency Employees The bill contains a provision, subdivision (a)(2) (lines 22- 25, page 2, and lines 1-2, page 3) that would prohibit the disclosure of record information within each agency to any individuals (presumably agency employees) other than those who need access to it in order to do their jobs. We would be surprised to discover any agency that does not now have some rules and procedures designed to limit access to its records by its own employees. At a minimum, an agency will want to discourage employees who have no job-related need to consult or work with its records from wasting their time. An agency is also likely to be concerned about protecting the integrity of its records (it does not want them lost or misplaced) and-about their disclosure or use for unintended purposes (always a potential source of embarrassment to an agency). However, we suspect that the restrictiveness of these internal access-limiting rules and procedures varies widely, and that in some. cases the rules could be more effec- tively enforced. Accordingly, we support the provision of H.R. 12206 which proposes to establish, as one legally re- quired restriction, that access by agency employees be job- related. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 17 The Identity of Record Users The bill contains a provision, subdivision (a)(3) (lines 3-6, page 3), requiring agencies to maintain records of the names and addresses of persons to whom record information is divulged and the purposes of such divulgence. Presumably, is intended that these records of divulgence will become part of, or easily associable with, the record information available for inspection by the individual to whom the record pertains (pursuant to another provision of the bill). If so, this provision corresponds to the Advisory Committee's safeguard requirements 1(6), to maintain a complete and accurate record of every access and use of any data in the system, including the identity of all persons and organiza- tions to which access has been given, and 111(4), to inform an individual., upon his request, about the uses made of data about himself, including the identity of all persons and organizations involved and their relationship with the record- keeping system (pp. 56 and 62). We believe these requirements are sound and, for most systems, feasible, without costly modification of recording and storage. capability. Since questions have been raised as to the feasibility and cost of this requirement, other agencies will doubtless wish to expand on this issue. However, we be- lieve that the protection these requirements would afford the individual subject of a record is so fundamental to fair in- formation practice that it should be relaxed only in very Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  18 Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 exceptional cases, and then only where comparable protection can be guaranteed through other arrangements. Yet, for these very reasons we feel strongly that this protection must be provided in such a way as to assure that the record-keeping operations to which it is made applicable can continue to function effectively. Subdivision (a)(3) could have monstrous administrative consequences for the Social Security Administration, for example, since it is susceptible to the interpretation that a record must be maintained of every access to every agency record about each of the millions of individuals who are covered by SSA programs--records to which hundreds of SSA employees routinely have access for use in connection with the day-to-day administration of those programs. Similarly, the Department's personnel officials contend that if this provision were interpreted to require detailed documentation of every access to ordinary personnel records about Department employees--records that are frequently used or consulted by authorized persons in connection with routine personnel actions--not only would the added administrative burden be horrendous, but the lack of an apparent useful pur- pose would make the provision difficult to enforce. A record is now kept of all accesses to security records pertaining to Departmental personnel, but these records are maintained on only a small fraction of our employees. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 19 Then too, officials of the Public Health Service have observed that it is accepted practice in hospitals and clinical centers to maintain a single record on each patient so that the record is constantly available for reference and updating each time there is contact between the patient and the professional staff. To maintain an accurate record of every person to whom information in such a record is divulged in staff meetings, clinical rounds, and patient care, we are told, would place a grave, wholly unnecessary burden on the staffs of hospitals and clinical centers. We are certain that subdivision (a)(3) is not intended to bring entire administrative record-keeping operations to a grinding halt or to add disproportionately to the admin- istrative costs of record-keeping operations. For example, the provision need not require that a record be made of the disclosure to an individual or..to an indi.vidual's.authorized representative of information in the individual's own record. Nor does it seem necessary to require that detailed records be kept about routine transfers or disclosures that constitute a normal part of the administration of the program, service, or treatment for which the records in question have been estab- lished and are being maintained. In the case of bulk transfers Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 20 of information about individuals, a log containing dates and names and addresses or other appropriate symbols sufficient to identify with certainty the agency, office, or organiza- tion to which such transfers have been made, should make possible for an agency to inform an individual, with reasonable accuracy, when and to'whom information about him has been routinely disclosed. This would hold whether the disclosure were to another operating unit within the same agency or to an outside agency or organization with whom the disclosing agency routinely interacts. By the same token, however, it would be necessary, and as far as we can tell it would also be practical, to keep a detailed record of every disclosure of information about an individual which is not part of the normal administration of the activity for which the disclosed information is maintained and which, signally, is beyond the reasonable expectations of the individual as evidenced by the absence of a clear and specific statement in the system's public notice that such disclosures are routinely made. We do not think, for example, that there is any need to keep individuals in the dark about the circulation.of their personnel records Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 among Federal.agencies, nor are we persuaded that consumer reporting agencies should have undocumented access to the records that a hospital or clinic maintains about its patients. These, in our view, do not constitute routine disclosures of personal information and should not be treated as if they were. Individual Right of Access The bill contains a provision, subdivision (4).(lines 7-10, page 3), designed to assure that individuals may inspect their records and obtain copies at their own expense, with a limitation on the charge that an agency may make for such copies. This provision corresponds to the Advisory Committee's safeguard requirement 111(2) (pp. 59-611). We regard this as a desirable provision, and would like to see it stipulate further that if an individual so requests, re- cord copies must be made- available to him in..a form he can easi -rrpreind. We also think that care should be exer- cised in defining the phrase "inspect his own record" and in setting "cost to the agency" as the maximum that an indi- vidual may be cAarged for a copy of his record. Inspecting a record should not be restricted to mean "in person," visual scanning, for this might effectively vitiate the utility of the right sought to be given the individual, but rather should assure that an individual can (1) learn in a manner that is reasonably simple and efficient for him what information is in a record about him, and (2) obtain a copy Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 22 of a record containing information.. about him... without- app, 6a.-iing in person to ask for it or to pick it up. Cost can be a significant determinant of the ease with which an individual can obtain a copy of his record. De- pending on the character of its records--their scope, form, location, indexing, etc.--an agency's cost for providing a copy may vary from nominal to substantial. For example, searching to find a record or assembling it from several scattered sources might be very expensive and might be interpreted as a necessary element of the cost of providing- a copy. If so, the charge to the individual might be so great as effectively to vitiate his right to obtain a copy. An individual should not be required top.ay.a high fee, even though cost-related, for a copy, of his record, especially if the expense to the agency is due to its failure to adopt record-keeping practices that would enable it to respond efficiently and. economically to. individual requests. Within the scope of agency records covered by the bill, this provision would give an individual the right to inspect and have copies of all types of information about himself. .The bill, in this respect, is completely in harmony-with the Advisory Committee's report (pp. 59-.61). Yet, as the Advisory Committee recognized, such a right to full access is incon- sistent with existing practice in some situations. The Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-92 3 medical profession, for example, often withholds from a patient his own medical records, if knowledge of their con- tent is deemed harmful to him. In some situations a patient might be led to despair or ever.: suicide if he were given uninterpreted information from the record of his treatment for a psychiatric illness. In other situations, premature release to a patient of information in his medical records .could seriously impair therapy. It should be clear that an agency could establish, by regulations adopted after public notice and comment, proce- dures designed to assure that the timing of a disclosure or interpretation to the individual of information in his re- cord will not seriously harm the health, safety or welfare of the individual. Of course, any such regulations must not serge to frustrate completely the individual's right of Accuracy of Records The bill contains a provision, subdivision (a)(5) (lines 11-14, page 3)., which gives an individual the right to supple- ment his record with information that he deems pertinent to it, and a further provision, subdivision (a)(6) (lines 15-17, page 3), designed to assure that an individual may have erroneous information removed from his record and have other agencies and persons to whom the erroneous material has been communicated notified of the removal. These provisions cor- respond closely to the Advisory Committee's safeguard require- Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 24 ment 111(6), which obligates a record-keeping organization to have procedures that (i) allow an individual who is the subject of information in a record to contest its accuracy, completeness, pertinence, and the necessity for retaining it; (ii) permit the information to be corrected or amended when the individual to whom it pertains so requests; and (iii) assure, when there is disagreement with the individual about whether a correction or amendment should be made, that the individual's claim is noted and included in any subse- quent disclosure or dissemination of the disputed informa- tion (p. 63). In the Advisory Committee's report, however, this safeguard requirement is reinforced by two others for which there are no corresponding provisions in H.R. 12206. one, safeguard requirement 1(7), exposes a record-keeping organization to civil suits if it does not maintain its records with such accuracy, completeness, timeliness, and pertinence as. is necessary to assure accuracy and fairness in any determination relating to an individual's qualifica- tions, character, rights, opportunities, or benefits that may be made on the basis of information in its records. The other, safeguard requirement 1(8), would also place a record- keeping organization in peril of suit if it did not eliminate stale information from its computer-accessible files. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 25 Disclosure of Identity of Information Sources The bill contains a provision, subdivision (d), (lines 10-13, page 4), to the effect that it shall not be held to permit disclosure of the identity of any person who has furnished information contained in an individual's record. The Advisory Committee took a clear and firm position in its report on the issue of giving individuals the right to know the sources of recorded information about themselves. ..we cannot accede in general to the claim that the sources of recorded comments of third parties should be kept from a data subject if he wants to know about them. Disclosure to the data subject of the sources of such comments may be difficult for organizations that have promised confidentiality. Modifying the data subject's right of access in order to honor past pledges may be necessary. However, the practice of recording data provided by third parties, with the understanding that the identities of the data providers will be kept confidential, should be continued only where there is a strong, clearly justified societal interest at stake. Elementary considerations of due process alone cast grave doubt on the propriety of permitting an organiza- tion to make a decision about an individual on the basis of data that may not be revealed to him or that have been obtained from sources that must remain anonymous to him.... (p. 61) As a matter of principle, we are strongly attracted by the Advisory Committee's reasoning. We are aware that the issue of confidentiality of sources of information is controversial. For example, the Department's investigative officials contend that the practice of-seeking information .from confidential sources is important to the current program Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 26 of security and suitability investigations conducted by the Federal government. Personnel officials concede that some confidential respondents provide information that is not accurate or fair but state that such responses can usually be discerned and discounted by comparison with other reports. They also point out that the individual, in any event, is protected by procedures that assure that when any adverse action is proposed, all pertinent information is disclosed to him-- with the identity of the source protected by preparing sum- maries of the information. It is clear that the present practices with regard to records of information collected and maintained in security and suitability investigations for Federal employment derive from Executive Orders and regulations of the Civil Service Commission, both of which are outside the scope of authority and competence of any single Federal agency. All agency comments about the impact that any provision of the bill would have on such records, and about Federal personnel records generally, must therefore defer in considerable measure to the views of the Executive Office of the President and of the Civil Service Commission. The Department of Health, Education, and Welfare has relatively few positions whose sensitivity derives from Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 considerations of the adverse impact which their incumbents can have on matters relating to the national defense or the conduct of foreign policy. The present scope of application of "security" and "suitability" investigations (with re- liance on confidential-sources whose identity, in accordance with current rules and practices would not be disclosed to individual applicants and employees) is far broader than the range of those positions. Whatever the justification for using confidential sources in investigations for some range of jobs in the Federal government, we are confident that a blanket pro- hibition on disclosing the identity of sources of record information to the record subject would constitute unsound public policy--particularly in legislation whose purpose is to recognize and protect the interest of individuals in records that-government agencies maintain about them. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 28 Exemptions The bill contains three significant exemptions from all its provisions: (i) records that consist exclusively of information obtained directly from the individuals to whom the records pertain (subdivision (a), lines 1-2, page 2); (ii) records required by Executive Order to be kept secret in the interest of national defense and foreign policy (subdivision (b)(1), lines 18-20, page 3); and (iii) investigatory files compiled for law enforce- ment purposes (subdivision (b)(2), lines 22-24, page 3, lines 1-3, page 4). By way of comment on these exemptions, we would first call attention to the Advisory Committee's discussion of the possibility of making exemptions from its recommended safeguard requirements. ....because the safeguards we recommend are so basic to assuring fairness in personal data record keeping, any particular system, or class of systems, should be exempted from any one of them only for strong and explicitly justified reason. If organizations maintaining personal data systems are left free to decide for themselves when and to what extent to adhere fully to the safeguard requirements, the aim of establishing by law a basic code of fair information practice will be frustrated. Thus, exemptions from, or modifications of, any of the safeguard requirements should be made only as specifically provided by statute, and there should be no exemption or modification unless a societal interest in allowing it can be shown to be clearly paramount to the interest of individuals in having the requirement imposed. 'Societal interest,' moreover, should not be construed as equivalent Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 to the convenience or efficiency of organizations that maintain data systems, the preference of a professional group, or the welfare of individual data subjects as defined by system users or oper- ators.... (pp. 52-53) (i) The first exemption provided for in the bill is implicit in the language of subdivision (a) which describes the types of records to which the bill applies: "...records concerning any person...which contain any information ob- tained from any source other than such person...." The effect of this language is to exclude from the protections afforded by the bill all records consisting exclusively of information obtained from individuals to whom the records pertain. We find this puzzling not only because a large proportion of the records that government agencies maintain about individuals are of that character, but also because the information in such records is almost as likely as information provided by third parties to be erroneously recorded, incomplete, stale, and copied, or transferred to others. Accordingly, we believe that records composed exclusively of information that individuals have provided about themselves should be subject to the same rules as records containing information obtained from other sources. (ii) We are also concerned about the exemption pro- vided in the bill for records required to be kept secret in the interest of national defense and foreign policy. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 The terms "secret" and "interest of national defense and foreign policy" are susceptible to subjective, overly broad, and therefore controversial, interpretation. This is likely to lead, at best, to conflict over interpreta- tions of the exemption, and at worst, to frustration of the bill's objectives with respect to sizeable categories of records maintained by government agencies. We suggest that any provision designed to exempt records in the interest of national defense and foreign policy be drafted so as to describe as specifically as possible particular types of records about individuals and particular factual circumstances to which the exemption applies, further suggest that such a provision be limited in its effect to enabling an agency to refuse to give access and copies to an individual of particular information in his record (as distinct from the entire record) if disclosure to the individual of that particular information would adversely affect the national defense or the conduct of foreign policy as determined with reference to carefully speci- fied standards for applying the concepts of "adverse effect," "national defense," and "conduct of foreign policy." Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 31' (iii) The exemption for records that are "investi-:. gatory files compiled for law enforcement purposes" is presumably intended to prevent individuals who are under investigation as alleged or suspected violators of law from having the rights provided by the bill. Such an exemp- tion reflects the desirable purpose of assuring the effec- tiveness of the work of law enforcement agencies which might be undermined if individuals being investigated for suspected criminal conduct could, for example, gain access to the records of the investigation. The billb provision contains two exceptions from this exemption: one for stale investi- gatory records, i.e., records that "have been maintained for a longer period than reasonably necessary to commence prosecution or other action"; the other for investigatory records that are "available by law to a party other than an (other] agency. " We have several comments about this exemption. The scope of the exemption is susceptible to a broader interpretation than may be intended and than we would regard as desirable. Its scope could be clarified by changing the phrase "investigatory files compiled for law enforcement purposes,..." (lines 22-23, page 3) to "compiled for the purpose of investigating or prosecuting criminal conduct,..." As it stands, the term "law enforcement purposes" might be interpreted to encompass almost any Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 32' public administration function. The change we suggest would confine the exemption to investigatory records compiled for enforcement of laws whose violation is a criminal offense. By so limiting the exemption, an individual's protection vis-a-vis the use of an investigatory record would be that now afforded by the Constitutional guarantee of due process and by laws that establish limitations on the exer- cise of the police power, including civil remedies and penalties that may be imposed to enforce such limitations. Similarly, the purposes of the two exceptions from the exemption for investigatory records need to be clarified. We assume that one purpose of both exceptions is to provide protections not now afforded individuals in the event that information from investigatory records about them is made available or used for purposes other than criminal law enforcement. This would explain the exception for stale investigatory records--the first exception--which should encourage their destruction or their retention in some form that would make them difficult to retrieve or that would make it impossible to identify the individuals to whom they pertain. It would also explain -the second....exception for.,inues.tigatory .records that are transferred to "a party other than an agency." In our view, however, this second exception is in need of further refinement. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 As it now reads, its effect would be to apply the bill's requirements to investigatory records that may by law be made available to third parties other than another Federal agency. In other words, if a Federal agency that compiles a criminal investigatory record on an individual is authorized by law to share that record with some non-Federal agency(a third party that is not an agency according to the terms of the exception),the investigated individual would, for example, be entitled to gain access to the record once it had been transferred. Obviously, there are difficulties here--both from the standpoint of assuring the efficacy of criminal law enforcement and also from the standpoint of protecting the individual. What is needed, we think, is for the exception to take more detailed account of the character of accessibility of the investigatory record outside the agency compiling it. From the agency's standpoint, the exemption for criminal investigatory records should not be affected by reason of the records' being available to any other public agency (whether Federal, State or local) for the sole purpose of criminal law enforcement. From the indi- vidual's standpoint, the exemption should not deprive him of the bill's protections when investigatory records are made available to anyone outside the agency compiling them for any purpose other than criminal law enforcement. As the exception now reads, however, the exemption would apply only when records are available by law to a _party other than a Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R00070013001# Federal agency r without regard to the purpose of_ avail- ability. The interests of both law enforcement agencies and individuals could be accommodated by changing the second exception from the exemption for criminal investigatory records to make clear that such records are exempted only when their availability is strictly limited to other public law enforcement agencies for purposes of criminal law enforcement. In this way the bill's protections for indi- viduals would apply to investigatory records whenever such records are available--by law, custom, policy, or in fact-- to any party other than the compiling agency for any purpose other than criminal law enforcement. if this exemption were modified in the way we suggest, the bill would be more effectively responsive to the wide- spread public concern about inappropriate uses of investigatory files. Application to "Confidential" Records The bill contains a provision, subdivision (g) (lines 1-3, page 5), to the effect that it shall not be construed "to permit the transfer or similar distribution of any information deemed confidential by other statutes." We appreciate the need to assure that no agency will interpret the bill's stricture on the disclosure of record information about an individual without notifying him that it is doing Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 35 so, subdivision (a)(1)(A)., as a license to transfer to any other agency,, or to any other person than the individual to whom it pertains, information in a record whose dis- closure is now prohibited by statute. We are not certain, however, that this is the problem to which subdividion (g) is addressed. Read literally, the provision would exempt all records, or any information in a record "deemed confidential by other statutes;' from the bill's requirement that an individual be allowed to inspect and have copies of a record about himself. Since a principal objective of H.R. 12206, as we understand it, is to give individuals a general right of access to the records that agencies maintain about them--a right which, in our view, is fundamental to the concept of fair information practice--we are troubled by the possibility of such a literal reading. For a general right of access to be fully effective, we feel that it must not be susceptible to curtailment by agency claims that in the absence of any specific statutory requirement to the contrary, information deemed confidential by law should not be accessible even to the individual concerned. We have already stated our views on the issue of with- holding from individuals the identities of sources of information in records about them. Essentially, our position was that there should be no blanket prohibitions on the Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 disclosure of sources and we suggest that the same rule ought to apply here. If the individual's right of access to information in a record about him is to be curtailed at all, it should be done by specifying the particular. types of records, or information in records, to which the individual is to be denied access, rather than through general language which invokes unspecified provisions of other statutes. Sanctions We come now to the mechanisms for making effective the requirements in the bill. The bill would require implementing regulations to be issued by each agency, subdivision (e) (page 4), and would impose a $1,000 fine on any agency employee who knowingly and.wili lly violates, or permits a violation, of any requirement under the color of agency authority, subdivision (f) (page 4). The bill, however, makes no provision for individuals to seek court enforcement of its requirements. In this regard, the Advisory Committee's approach to making its safeguard requirements effective may_be__of some help. (pp. 42-44). The Committee recommended that any statute establishing a code of fair information practice should Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 37 o Define "fair information practice" as adherence to specified standards--the safeguard requirements; o Prohibit violation of any safeguard requirement as an "unfair information practice"; o Provide that an unfair information practice be subject to both civil and criminal penalties; o Provide for injunctions to prevent violation of any safeguard requirement; o Give individuals the right to bring suits for un- fair information practices to recover actual, liqui- dated, and punitive damages, in individual or class actions; and provide for recovery of reasonable attorneys' fees and other costs of litigation in- curred by individuals who bring successful suits. The purpose of these provisions was clearly to estab- lish individual rights and to provide means for individuals to assert their rights. In this way, the Committee sought to create incentives for record-keeping organizations, including government agencies, to adhere closely to basic principles of fair information practice. Compared with the Committee's recommendations, we believe that the enforcement mechanisms in H.R. 12206 lack much in likely effectiveness. Specifically-- o A signal deficiency of the bill is its failure to provide individuals the right to seek court enforce- ment of their rights. Any such provision should also provide for recovery by successful litigants of litigation costs and attorneys' fees which are otherwise likely to constitute substantial disin- centives to the prosecution of enforcement suits by individuals. o The provision in the bill imposing fines on individual agency employees for acting under color of agency authority appears to us>: to be unsound Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 38 as a matter of policy. The requirements imposed by the bill create agent obligations. Liability for their violation should therefore be imposed on the agency, which in turn should be required to impose established sanctions for the improper conduct of its individual employees. If there is to be individual employee liability, it should not be avoidable because the: employee's actions were not asserted to be authcrized by the agency--or because he was ignorant of the law. Effective Date The bill would make its requirements regarding agency records effective 90 days after enactment. We believe that this does not provide enough time for agencies to make the substantial changes in record-keeping policy and practice that are called for by these requirements. Conclusion We wish to summarize our position as follows. o We oppose enactment of H. R. 12206 as drafted. o We are equally committed to the objectives of the bill. o The problems which enactment of this bill would create suggest the need for further review. Many of the issues with which the bill seeks to deal are addressed in the Advisory Committee's report, from which we have drawn extensively in this statement. Nevertheless, more needs to be learned about the cost and other operational implications of a number of the Advisory Committee's approaches before we can be assured that the practices that would result will not cause abuses as onerous as those we are attempting to preAiiR-roved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 39 We anticipate that other agencies of the government may have views about some issues dealt with by the bill which differ from ours. We would urge that opposition to require- ments of fair information practice should not be honored in a blanket fashion, but, if at all, only in the form of very narrowly and specifically drawn exemptions, and then only where a clear and convincing demonstration has been made of societal interest paramount to that of individual record- subjects. We recognize that the concept of "paramount societal interest" is a rather general and abstract standard. To sharpen this standard, we suggest that assertions of custom, bureaucratic convenience, and professional preference be distinguished from societal interest. Any claims for ex- ception or exemption should be well documented--not just asserted. If financial costs, manpower deficiencies, adminis- trative or technical difficulties, or other similar practical obstacles are argued to require relief from fair information practice requirements for particular records or types of re- cords, such arguments should be carefully scrutinized to sub- stantiate these claims. In the absence of more specific standards and criteria, we are faced with the equally undesirable alternatives of broad categorical exemptions or the broad, abstract standard of paramount societal interest. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9  40 Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9 Barriers to establishing policies of fair information practice are likely to include bureaucratic intransigence, psychic resistance to change, and the inertia of present practices. They must not be allowed to frustrate the desirable objectives of fair information practice. The President has recognized the need for firm action by establishing a Domestic Council Committee on the Right of Privacy to address the thorny issues which confront us. it is clearly time to translate abstract principles into concrete policies and practices. Through the legislative process and. the: parallel but complementary actions of the Executive Branch, we can do so. Approved For Release 2002/09/03 : CIA-RDP76M00527R000700130010-9