NCJ Number
45665
Date Published
1975
Length
27 pages
Annotation
IT IS DETERMINED THAT THE COSTS OF IMPLEMENTING PRIVACY PROTECTION REQUIREMENTS ARE MINOR WHEN COMPARED TO ROUTINE OPERATING COSTS OF DATABANK SYSTEMS.
Abstract
EXISTING AND PENDING LEGISLATION AS OF APRIL 1975 DEALING WITH PRIVACY REQUIREMENTS FOR DATABANK-KEEPING ORGANIZATIONS ARE DESCRIBED. A QUALITATIVE ANALYSIS OF THE COST FACTORS ASSOCIATED WITH THE IMPLEMENTATION OF THESE REQUIREMENTS SHOWS THAT: (1) IT MAY BE POSSIBLE TO SATISFY NOTIFICATION REQUIREMENTS IN THE COURSE OF REGULAR COMMUNICATIONS FROM THE DATABANK ORGANIZATION TO THE DATA SUBJECTS; (2) SPECIAL PERSONNEL, EQUIPMENT, AND FACILITIES WILL BE REQUIRED TO SATISFY DATA SUBJECTS' INSPECTION REQUESTS, REVIEW DISPUTED DATA ITEMS, HANDLE PERSONAL SECURITY, AND ENFORCE INTERNAL PROCEDURES AND RULES; (3) DETAILED TRANSACTION LOGS MUST BE SET UP AND TRANSACTION RECORDS MAINTAINED FOR PERIODS AS LONG AS 5 YEARS; (4) NEW DATA FIELDS MAY BE NEEDED IN PERSONAL FILES TO RECORD INFORMATION ON VARIOUS INTERACTIONS OF DATA SUBJECTS WITH THE DATABANK-KEEPING ORGANIZATION, THE AGE AND SENSITIVITY OF CERTAIN DATA ITEMS, SUPPLEMENTAL INFORMATION OR REBUTTAL STATEMENTS SUBMITTED BY THE INDIVIDUAL, AND POINTERS TO TRANSACTION HISTORIES THAT IDENTIFY PAST USERS AND USES OF THE SUBJECT'S PERSONAL FILE; (5) A RELATIVELY MODEST AMOUNT OF COMPUTER TIME WILL BE REQUIRED FOR HANDLING THE MORE ROUTINE INTERACTIONS WITH DATA SUBJECTS; AND (6) COMPUTER TIME AND STORAGE SPACE WILL BE REQUIRED FOR IDENTIFICATION AND ACCESS-CONTROL PROGRAMS. (AUTHOR ABSTRACT MODIFIED--RCB)