accommodation of interests will vary from culture to culture and country to country as values differ.

In developing information systems, we believe the following principles should be among those considered:

The need to determine whether information to be collected is relevant to the purpose for which it is sought and whether it is required to be collected at all The need to give the individual notice of and access to information stored about him contained

The need to limit information systems to specific uses

The need to regulate the use and transfer of information in such systems The need to check and update information contained in these systems, supervise operation of the systems, and monitor their expansion into new areas or enlarged data-sharing operations

The need for sanctions to enforce the safeguards established.

To transform these principles into operation requires

The creation of a consciousness on the part of managers of record systems about the rights of privacy and access to information

A process of public review of the goals, organization, procedures, and safeguards of record systems, preferably by a legislative body or administrative authority charged with insuring full consideration of the issues of individual rights

An appropriate forum, judicial or administrative, before which individuals can bring complaints in particular cases.

We believe that the capabilities of computer technology can and should be taken full advantage of in the design of the protective mechanisms we have recommended. Once these measures have been taken, we look toward the fruitful use of information systems to help governments and private organizations carry out the responsibilities for public policy and social progress with which they are charged. The principle we recommend should lead to the growth of greater public trust in the use of properly controlled information systems. Without this trust, the benefits of information systems cannot be realized in democratic societies.

We view the evolution of legally enforcable rights and effective remedies as being as important for the future application of computer technology as the successfull development of the technology itself.

[From the Congressional Record, June 17, 1974]

THREAT TO PRIVACY

(By Senator Charles H. Percy of Illinois)

Mr. PERCY. Mr. President, on Tuesday morning, the Government Operations Committee, in conjunction with the Constitutional Rights Subcommittee will begin hearings on a subject of critical importance to every American: personal privacy.

The focus for our hearings is a bill introduced by the Committee's distinguished Chairman Senator Ervin, Senator Muskie and myself to establish every American's right to keep personal information private and to safeguard that right with criminal and civil protections.

The bill is companion to one introduced in the House by Congressman Barry Goldwater, Jr. and Congressman Edward Koch, whose efforts I commend. It is the result of a deepening public concern about privacy invasions. These invasions are fast becoming the rule-not the exception-in American life.

The burgeoning abuse of the right of individual privacy results partly from a greatly increased capability of even a moderately endowed private or public organization to obtain, store and use vast quantities of information about people. This phenomenal technical information-handling ability is abetted by the absence of regulation (except in the area of credit information). The result is a tremendously increased potential for damaging misuse of personal information-data that the person under scrutiny does not know is so readily available. But even more important is the startling, ominous propensity of an increasingly powerful government to use information in ways that hurt individuals direct and dramatically.

In Mendham. New Jersey, a young high school student, at the suggestion of her social studies teacher, wrote the Young Socialist Alliance in New York City 37-583-74-pt. 221

asking for information. Several weeks later an FBI agent visited the school's principal and other people who knew Lori Paton, to make inquiries about her. The FBI made a "notation" in its files about Miss Paton's innocent inquiry, and its agents wrote a memorandum for FBI files recording their "investigation" of Miss Paton. The FBI claimed that its knowledge of the student's inquiry was obtained from surveillance on all incoming mail to the Young Socialist Alliance. Under the law, such a "mail watch" is legal if it does not delay the mail and if it is confined only to data drawn from the outside of the envelope. The critical issue here is the potential lifetime damage to the reputation and career of a completely innocent teenage girl about whom an FBI "notation" and "memorandum" will always exist, unless she succeeds in having it expunged from the files of the FBI.

This is an example drawn from the more normal course of events. The FBI must make hundreds, perhaps thousands of such "notations" (we regrettably cannot know) each week.

POLITICIZATION OF THE IRS

What about malicious, politically-motivated invasion of the right of privacy? One of the most insidious abuses is attempted use of Internal Revenue Service data for political purposes.

Certain member of the present Administration at the outset of tis first term, made strong efforts to make the Internal Revenue Service "politically responsive." A memorandum from White House aide, Tom Charles Huston to the Assistant to the Commissioner of the IRS of August 14, 1970 refers to a July 1, 1969 White House request that IRS review the operations of "Ideological Organizations." Huston's August 14 memo asked IRS to report on its implementation of that request. The IRS response, signed by then IRS Commissioner Randolph Thrower and dated September 19, 1970, explains the operations of a so-called "Special Service Group" that had been established in IRS to monitor the tax status of "organizations and individuals promoting extremist views and philosophies." Thrower's rationale for creation of that outfit was that it was necessary "to avoid allegation that extremist organizations ignore taxing statutes with impunity." Mr. Thrower's September 1970 report indicated that by then approximately 1,025 organizations and 4,300 individuals had already been examined by the IRS.

On September 21, Huston wrote to Assistant to the President, H. R. Haldeman indicating strong dissatisfaction with IRS action on the President's July 1969 request. He noted then that "What we cannot do in a courtroom via criminal prosecutions to curtail the activities of some of these groups, IRS could do by administrative action."

Subsequently, an undated "IRS Talking Paper" was developed, outlining, from the perspective of the White House, the case against the IRS and its lack of political responsiveness. The document suggests that "Walters (who succeeded Thrower) must be made to know that discreet political actions and investigations on behalf of the Administration are a firm requirement and responsibility on his part." Another suggestion of the "talking Paper" is that Counsel to the President, John Dean, should have "assurance that Walters will get the job done."

On June 12, 1972, Charles Colson, Special Counsel to the President, wrote Dean asking for an IRS check on Harold J. Gibbons, a Teamsters Union Vice President in St. Louis, whom Colson described as a "McGovernite, ardently antiNixon." This document would suggest that a connection between Dean and IRS had indeed been established and that IRS had become more "politically sensitive" in the manner outlined in the "IRS Talking Paper."

It is unclear whether there is evidence showing that the IRS did become politically responsive in a manner demanded by the White House. However, we do know that the issue was pressed.

The Joint Committee on Internal Revenue Taxation, which has direct oversight over the IRS, has filed an interim report on its investigation of the matter. This report shows that the subjects of special audits and investigations have not been treated more harshly than other taxpayers. But the Joint Committee was denied access to files of the Special Service Group. This renders the Joint Committee's study virtually useless. But, the fact that the politicizing of the IRS was attempted is beyond doubt.

The success of the effort to compromise this key agency's integrity is still in question. But the central question is not the attempt to politicize this agencydreadful as that is. It is the doubt created in the minds of the American people—

justifiable concern that information of an extremely personal nature might be made available to other agencies, including the White House, for political purposes.

The bill I have introduced with Senator Ervin to establish and protect personal privacy rights would remedy such abuses.

In the case of the Mendham High School student, the bill would provide her and her parents with ready access to the FBI files about her. She would have the right to examine the records and prove, if she can, the incorrectness of anything in her file. A correcting statement would be added to her file.

To eliminate politically motivated punishment by the government, the bill would require the IRS to make notations of each instance in which a file was made available to another government organization or outside person, not having regular access authority. A record of such accession or transfer must be kept.

The privacy right that S. 3418 establishes for individuals is comprehensive.

It establishes the right of a citizen to be informed whether he or she is the subject of private organization or government files. If the bill passes, in two years each individual must be told that he or she is the subject of a data file. At any other time that an individual asks, he must be informed of the fact that he is a "data subject".

The bill establishes the right to inspect all personal information contained in one's file, to learn the nature and sources of the data, and the identity of each recipient of personal data.

The bill establishes the right of every data subject to challenge, correct, or explain personal information, to demand an investigation of disputed information, to demand purging of inaccurate information and to include a 200-word personal correction of one's file.

The bill establishes the right to be informed and to give or withhold consent before personal data is given to anyone not having "regular access authority." It establishes the right to be apprised of the intended use of information and the consequences of giving or not giving permission.

The bill establishes the right to have one's name removed upon request from any organization's mailing lists. The purpose of this section is to protect citizens from unwarranted harassment.

S. 3418 defines standards for the collection, use and disclosure of personal information by government and private organizations. These standards include the following:

Personal information collection is limited to what is necessary for a "proper" function of an organization.

Information should be collected from the individual himself whenever possible. Categories of confidentiality must be established, with various levels of controlled access to information.

Data files must be policed for accuracy, completeness and pertinence by the organization maintaining them.

The organization must maintain a list of users having regular access authority.

A complete record of the purposes of every access to any personal information in a system, including the identity of the special access user, must be kept. Personal information must never be disclosed without specifying security requirements (e.g., the level of confidentiality), and obtaining reasonable assurance that those requirements will be observed.

No personal information concerning political or religious beliefs or activities should be collected if it will be put into a government-operated information system.

Income data shoud not be keyed to zip codes or postal districts.

Federal agencies are prohibited from requiring disclosure of personal data or requesting voluntary disclosure unless authorized by law.

The bill establishes a five member Federal Privacy Board that can make and enforce privacy rules for personal data files. The Board is required to establish an annual directory of every personal data system in the country; it is empowered to ensure that standards are met and to assist organizations to comply with privacy safeguards. It can make site visits, compel production of documents, hold hearings on violations, issue cease and desist orders, delegate authority to states and hold open hearings on exemptions. It is required to report annually to Congress.

S. 3418 is an excellent beginning for hearings and for the legislative process, and we in the Government Operations Committee will prepare this bill very carefully but expeditiously for floor action during this session.

PROBLEM AREAS

Mr. President, as you know, there are many other bills pending in this body regarding individual privacy. Without exception, they all raise problems in the minds of those of us who want to correct the present lack of controls over personal data.

Our bill is itself not free of flaws; yet, in the give-and-take of the committee room, it can be perfected. Let me cite some of the difficulties in the legislation.

The bill does not establish a mechanism to inform people as new files about them are created. The right to inspect and challenge personal files is amost meaningless if an individual does not know that a file even exists. Perhaps we should provide that people be notified whenever they become a subject of a new data file.

Another problem is that no limits have been placed on rights to inspect and challenge personal files and to demand investigations of disputed information, and no protection against excessive demands is afforded to organizations keeping data files.

For example, it would be unfair to allow a person to inspect his file every week. As I noted, the bill requires that information should be collected from the individual himself wherever possible. This is an important provision, since it attempts to assure that the information that is collected is accurate. However, there is a possibility for abuse. If personal information is actually collected directly from the subject in every case practicable, the resulting harrassment of individuals may undo the value of the rule by creating another type of violation of personal privacy.

The requirement in the bill that every access to personal data be accurately recorded is unprecedented and very likely would be staggering in scope. There seems to be the unwarranted assumption that thousands of different organizations will independently and correctly establish new standard operating procedures for handling personal information. The implicit administrative burden on government and private organizations is a matter for concern and further consideration. It may be that it is possible to make a number of distinctions that will lessen the burden on organizations, yet establish basic privacy guarantees. One possible distinction is to differentiate among the kinds of organizations maintaining data. My legal staff is now working on that difficulty.

The bill provides for a Federal Privacy Board, which would be an independent agency in the Executive Branch consisting of five members designated by the President and confirmed by the Senate. There is a good deal of doubt about the validity of such an organization. It may well be that the simplest, and ultimately the best, solution is to establish rights which individuals may pursue through the judicial process, without creation of any new agency to "police" the new privacy guarantees. Or, the Privacy Board's functions could be lodged in an existing Executive branch organizataion. Or, they could be lodged in one of the existing independent regulatory commissions, or in an agency of the Legislative Branch, such as the General Accounting Office. These are some of the concerns and some of the options we must explore during our hearings.

There are other legitimate concerns. One of them is the exemption provided in the bill for national security. Personal data systems directly related to the security of the U.S. would be free from the guarantees of the act. Any federal agency could use that protection. This could permit federal agencies to abuse that cloak of secrecy, thus diminishing the intentions of this legislation.

I cite a concrete example which indicates a need for a careful, tight definition of this national security exemption.

The United States Army has been used to spy on the political activities of American civilians in Western Europe. In August, 1972, U.S. Army Military Intelligence personnel were assigned to monitor the political campaign activities of supporters of Senator George McGovern in Western Europe. The reports filed by these agencies describe the political activities of a group known as "Americans for McGovern", in Berlin. Army Intelligence reports describe their organizational meetings, leaflet distributions, announcements and local publications, ties to the official Democratic party, and even the name of a man who received an autographed picture of Senator McGovern.

Military intelligence reports describe in detail the position of McGovern supporters on issues such as tax reform, welfare reform, Federal aid to schools, equal educational opportunities, racial and sexual discrimination, national health insurance, abortion and abolition of the electoral college.

Military intelligence reports list the names of McGovern supporters, including information on their date and place of birth, marital status, passport number, occupation and residence in Western Europe.

A chart was prepared by the U.S. Army for training manuals to be used in the training of intelligence personnel in Western Europe. One such chart shows the "link" between the Democratic Party in the U.S. and the Communist Party.

Army personnel also opened the mail of American civilians in Europe. One intelligence officer has said that the Army maintains a room approximately 15 ft. x 20 ft. containing file cabinets filled with photocopies of mail of American civilians. In these files is a letter from the library of the College of Charleston, South Carolina, to a publication in Western Europe run by American civilians. The Army has photographed an index card, photographed both sides of the envelope and photographed the contents of the letter. This opening of American civilian mail occurred in June of 1973, which date appears at the top of the Army document. The Army has systematically opened the mail of the Lawyers Military Defense Committee, which is an affiliate of the American Civil Liberties Union, and a well-publicized suit against the Army in the U.S. District Court of the District of Columbia by the L.M.D.C. and other plaintiffs is contesting these privacy invasions conducted in the name of "national defense."

Other Army activities include infiltration, photographing and wiretaps. With respect to photography, American students in Western Europe have been photographed pamphleteering for McGovern by military intelligence officials and photographs have been obtained of political petitions showing the names of American civilians who have signed the same.

The Army has collected leaflets disseminated by American civilians which describe President Nixon's involvement in Watergate. On the back of each leaflet is a physical description of the person handing out the document.

All of these activities are undertaken in the name of "national security". Such a grossly distorted use of this catch all pretext to so blatantly abuse the rights of American citizens is unwarranted, and Federal privacy law must be enacted to bring such abuses to an end. For this reason, I believe we must carefully narrow the national security exemption in this bill.

MEDICAL RECORDS ABUSE

In yet another area of personal data, almost unnoticed by the public, there is a growing assault upon the confidentiality of personal health and medical records. Information that we provide to our doctors in the intimacy of their offices frequently finds its way to insurance companies, credit files and employment records without our knowledge or approval. The improper procurement. and use of medical information has had devastating effects upon unsuspecting individuals. Marriages have been ruined and reputations have been destroyed. I would like to refer to several case histories provided by Dr. Elmer R. Gabrielli, Chairman of the Joint Task Force Group on Ethical Health Data Centers at the State University of New York. These cases illustrate the need for Federal legislation to prevent flagrant breaches of confidentiality of medical information. In one recent example, a District Attorney from a great American city was hospitalized with a serious medical condition. On the day following his hospitalization, the local newspaper in his community printed his medical records word for word.

A second, even more serious example offered by Dr. Gabrielli, involved an employee of a large defense contractor who sought reimbursement for psychiatric treatment from his company's health insurance plan. In the process of the claim, the insurance company passed on the diagnosis of the employee to his employer who in turn, passed on the diagnosis to the Defense Department. The Department initiated an investigation of the employee. Department of Defense investigators asked insinuating questions of the man's neighbors. The damage had been done.

In another case, a young woman attempted to commit suicide and subsequently received psychiatric treatment at a hospital. She was shocked to learn the details of her diagnosis, not from her doctor, but from her employer. Her employer had obtained the information from the company's health insurance agent, who had gained access to these supposedly confidential hospital records. The shock to this woman upon hearing her psychiatric diagnosis from her employer must have been intense. It calls to our attention once again the imperative need for legislation to establish limits on access to personal data. This