NCJ Number
57969
Date Published
1977
Length
52 pages
Annotation
THE IMPACT OF LEGISLATION IN THE AREA OF INDIVIDUAL PRIVACY ON THE COMPUTER INDUSTRY IS ASSESSED IN TERMS OF MANAGEMENT, DATA ACCURACY AND FLOW, HARDWARE AND SOFTWARE SYSTEMS, AND COSTS.
Abstract
THE RIGHT TO PRIVACY MUST BE BALANCED AGAINST EQUALLY VALID PUBLIC INTERESTS RELATED TO FREEDOM OF INFORMATION, NATIONAL DEFENSE, FOREIGN POLICY, AND LAW ENFORCEMENT. THERE ARE THREE APPROACHES TO THE REGULATION OF PRIVACY ON THE INTERNATIONAL LEVEL: (1) ADMINISTRATIVE SELF-REGULATION, EMPLOYED BY THE BRITISH; (2) OMNIBUS LICENSING AND REGULATION, THE APPROACH OF SWEDEN AND GERMANY; AND (3) AREA BY AREA PROVISIONS FOR COURT-ENFORCEABLE CITIZEN RIGHTS, THE U.S. VIEWPOINT. THE PRIVACY ACT OF 1974 APPLIES TO FEDERAL AGENCIES AND PRIVATE CONTRACTORS WHO PERFORM RECORDKEEPING SERVICES FOR A FEDERAL ENTITY. FIVE BASIC PRINCIPLES INCORPORATED IN THIS ACT INCLUDE THE FOLLOWING: SECRET PERSONAL DATA RECORDKEEPING SYSTEMS ARE FORBIDDEN; AN INDIVIDUAL MUST BE ABLE TO FIND OUT WHAT INFORMATION IS IN A RECORD AND HOW IT IS USED; AN INDIVIDUAL CAN PREVENT INFORMATION OBTAINED FOR ONE PURPOSE FROM BEING USED OR MADE AVAILABLE FOR ANOTHER PURPOSE; CORRECTIONS OR AMENDMENTS TO A RECORD OF IDENTIFIABLE INFORMATION CAN BE MADE; AND ANY ORGANIZATION CREATING, MAINTAINING, USING, OR DISSEMINATING RECORDS OF IDENTIFIABLE PERSONAL DATA MUST ASSURE THE RELIABILITY OF DATA TO PREVENT ITS MISUSE. QUESTIONS THAT MUST BE RESOLVED CONCERNING THE MANAGEMENT OF PERSONAL INFORMATION ARE THREEFOLD. FIRST, IF COMPUTER INSTALLATION PERSONNEL HAVE IMPLEMENTED ALL POSSIBLE MEASURES TO PROTECT AN INDIVIDUAL'S PERSONAL DATA, YET PERSONAL DATA ARE STILL OBTAINED BY UNAUTHORIZED MEANS, WHO IS RESPONSIBLE AND LIABLE FOR LEGAL PENALTIES? SECOND, IF STATE-OF-THE-ART TECHNOLOGY IS TO SOLVE THE PROBLEM OF A COMPLETELY SECURED AUTOMATED SYSTEM, IS THE COMPUTER INDUSTRY LEGALLY RESPONSIBLE FOR PERSONAL DATA OBTAINED THROUGH UNSOLVABLE TECHNICAL METHODS? THIRD, TO WHAT EXTENT SHOULD THE COMPUTER MANAGER IMPLEMENT PROCEDURES TO ASSURE THAT PRIVACY LEGISLATION IS APPROPRIATELY IMPLEMENTED? DATA ACCURACY CAN BEST BE ACHIEVED THROUGH INPUT VALIDATION PROCEDURES. PROBLEMS RELATED TO COMPUTER HARDWARE REST PRIMARILY WITH TELECOMMUNICATION SYSTEMS AND OLDER COMPUTER SYSTEMS THAT DO NOT HAVE THE NECESSARY SECURITY CHECKS AND PROTECTION MECHANISMS AVAILABLE IN THIRD-GENERATION COMPUTER SYSTEMS. AN ADDITIONAL PROBLEM IS THE COMPATIBILITY OF LEGAL RECORDS WITH COMPUTER RECORDS. SOFWARE AUDITING PROCEDURES ARE ESSENTIAL TO INSURE AUTHORIZED ACCESS AND TO MINIMIZE UNINTENTIONAL MODIFICATION OF DATA. A A BIBLIOGRAPHY IS PROVIDED. (DEP)