
constraints imposed by manual systems which had previously precluded most of the "data handling" capabilities which we now are concerned with.

Our most current effort in the area of privacy, which has generated interest nationwide, is reflected in Assembly Bill No. 2656 (AB 2656). This measure would enact the California Fair Information Practice Act, the provisions of which parallel closely the recommendations contained in the widely read report prepared for the U.S. Department of Health, Education and Welfare (HEW) entitled "Records, Computers and the Rights of Citizens."

In fact, AB 2656 recognizes in its provisions the five basic principles which form the basis for the HEW report's recommended code of Fair Information Practice. As stated in the Bill, the California Legislature recognizes these principles to be:

1. There must be no personal data record-keeping systems whose very existence is secret.

2. There must be a way for an individual to find out what personal information about him is in a record and how it is used.

3. There must be a way for an individual to prevent personal information about him that was obtained for one purpose from being used or made available for other purposes without his consent.

4. There must be a way for an individual to correct or amend a record of identifiable personal information about him.

5. An organization creating, maintaining, using, or disseminating records of identifiable personal data must ensure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

The measure has already passed its house of origin, the assembly, and is now pending in the senate. Because it is still in the legislative process, it is naturally subject to further revision. Its introduction has generated a considerable amount of interest in the California business community and also in the State and local Government sectors. This interest and concern may influence to a degree the final version of the measure. In this regard dialogues have been initiated between our legislative staff and various interested groups in order to make appropriate clarifications to the measure.

Because I have brought a sufficient number of copies of the current version of the bill for distribution, I will just touch on its highlights in my presentation to you. To begin with, the provisions enumerated in AB 2656 apply to both governmental and nongovernmental automated systems which contain personal data (which is defined as ". . . any information that describes anything about an individual and which can be associated with an identifiable individual"). This is a rather all-encompassing definition and may explain why the measure has generated such widespread interest within the State among groups that would be affected by enactment of its provisions. Simply put, AB 2656 will leave no stone unturned in terms of the protective umbrella it would provide for our citizens. It would affect a good number of organizations in California because it is not seen as some sort of halfway measure, but one which will provide an appropriate level of response to the people's mandate when they voted to amend the California Constitution in 1972 to include the right to privacy as an inalienable right.

Now, to get on with the specific areas provided for in AB 2656, the measure stipulates requirements placed on those maintaining an automated personal data system for the safeguarding of data maintained in such systems. These requirements include (1) identifying one individual immediately responsible for the system, (2) the instruction of appropriate employees regarding required safeguards, (3) reasonable physical, technical and procedural precautions to protect data in the system from any unauthorized release, transfer, access or use, or any threat or hazard to the security of the system, (4) the establishment of safeguards regarding the transfer between systems of individually identifiable personal data before any such transfers may take place, and (5) the elimination from a computer-accessible form of obsolete data.

Secondly, the bill requires that those maintaining an automated personal data system give annual notice of the existence and character of the system. This notice must be filed with the California State Department of Consumer Affairs as a permanent public record, must contain a number of specified informational items including the procedures whereby an individual can be informed if he is the subject of data in the system, and if a subject, how he can gain access to such data and contest its accuracy, completeness, pertinence and timeliness.

Thirdly, the measure provides for the rights of individuals on whom personal data are maintained. These rights include the requirement that an individual asked to supply personal data must be informed in writing whether he is legally required to supply the data requested, of any consequence which may arise by his permission or refusal to supply such data, and of the uses to which such data will be put. Further provisions in this area require (1) that an individual be provided in writing, at his request, information which discloses whether he is the subject of data in the system in question, and if so, that such data be made fully available to the individual in a form comprehensible to him, (2) that no use of individually identifiable personal data is made which is not within the stated purposes of the system as reasonably understood by the individual at the time he was asked to provide the data, (3) that no data about an individual are made available from the system in response to a demand for data made by means of compulsory legal process unless a reasonable effort has been made to notify the individual in question, and (4) that procedures are maintained which allow an individual to contest personal data maintained on him, and, where the contest is not resolved favorably, to provide that whenever disputed data are disclosed such disclosure clearly note this fact and a copy or accurate summary of the individual's statement in this regard be provided with the data.

In the way of "teeth" with which to ensure compliance with the various provisions of AB 2656, the measure contains penalty provisions which include fines, imprisonment, and punitive damages for specific violations.

In summary, we believe that the Bill will provide a meaningful response to the mandate of the people of California, that it is comprehensive, and that amendments made to date have not detracted from the measure's original intent, but have in fact made it a progressively better piece of legislation by providing appropriate clarification.

Another piece of current legislation which has yet to be heard before committee has also been introduced in the California Assembly. This measure, Assembly Bill No. 2802, would stipulate some requirements regarding the use of the Social Security Number. Unlike AB 2656, the provisions of this measure apply to all transactions; that is, they are not restricted to the use of the Social Security Number in EDP systems only.

In brief, this Bill would require that any person who makes necessary the disclosure of an individual's Social Security Number as a part of a commercial or governmental transaction report the fact of such requirement to the Department of Consumer Affairs, which is to maintain a record open for public inspection of those persons reporting.

The measure also requires that an individual asked to provide his Social Security Number as part of a commercial or governmental transaction be informed whether such disclosure is necessary or optional, and permits an individual to have his Social Security Number removed from records where disclosure of the number was not necessary.

Further provisions of AB 2802 would make unlawful any requirement of disclosure of an individual's Social Security Number for personal identification in governmental or commercial transactions unless specifically authorized by Federal or State law.

Because AB 2802 has only recently been introduced, it is difficult to tell at this time whether or not it will enjoy the same degree of success that has been the case to date with AB 2656.

Now, looking at the issues of security and privacy from yet another aspect, I would like to discuss some further action that has been taken by our legislature in this regard. In California, as in other states, there is data exchange and data sharing between the State and local governmental entities and among local entities themselves. Recognizing these data transfer "linkages," the California Legislature has enacted legislation creating an Intergovernmental Board on Electronic Data Processing. This Board monitors the development of State and local EDP systems which will exchange information, with the objective of assuring that the duplication of systems development is avoided, and that appropriate communication takes place among the various governmental jurisdictions participating in the development of such systems.

The Board has also been given specific statutory responsibility to ". recommend any legislation re


The Board, which receives a nominal amount of direct State funding, derives much of the productivity through volunteer effort contributed by the State and local Government entities as represented by board members and technical staff. The Board has established a privacy and security committee which, in addition to working in the area of legislation, has published just recently a report of the Board entitled "guidelines establishing requirements for security and confidentiality of information systems." With 58 counties, almost 400 cities, and 1,124 school districts (not to mention 3,000 special districts), the efforts of the Board as reflected in the guidelines will be of especial value to the smaller and emerging governmental users of EDP technology, although it is accurate to state that there is also considerable room for improvement in some of our large EDP facilities. For those interested, I have sufficient copies of the guidelines table of contents and procedure for ordering the publication.

With regard to the area of computer security, I would like to discuss for a moment a relatively recent occurrence in our State which brought very much to home the question of computer security--but in a somewhat different light. Incidentally, this occurrence demonstrated clearly the willingness of the California Legislature to meet the security issue head-on and take appropriate steps to resolve the issue which confronted it.

In 1973 California and certain other States received much national recognition with regard to a particular incident in the business community. I am referring to the so-called Equity Funding Scandal as you may recall. This was a situation where the Equity Funding Corporation of America was found to have perpetrated a considerable degree of costly fraud through the use of company computers.

Once the nature and extent of fraud had become evident, our reaction in the California Legislature was to (among other things) augment the budget of the State Department of Insurance to provide it with sufficient funds to acquire a high-level technical expert who possessed expertise in the insurance and computer fields in order to develop within the department of insurance the ability to audit effectively EDP systems maintained by insurance companies.

Because we have for the most part centralized EDP training within California State Government, we have been able to develop with the Department of Insurance expert a training program which should greatly improve the ability of that department to perform more effective auditing of systems maintained by insurance firms.

This is somewhat of a different twist on the computer security question. In this case, while we want insurance company systems to be secure with regard to the confidentiality of personal data maintained by them, we want our department of insurance auditors to be capable of determining to the maximum extent possible when the computer is being used for an illegal purpose.

California Government Code, Section 11711, Subsection (f).

In conclusion, I would like to focus on my own experience over the past year as well as my thoughts for the future. While chairman of the Assembly efficiency and cost control committee, the committee over the past three years has heard all electronic data processing bills including the Fair Information Practices Act of 1973 (AB 2656) discussed earlier. Also during 1973, the committee conducted four public hearings concerning computer privacy and security. In addition, I have been appointed chairman of joint legislature subcommittee to develop the plans and goals of legislative electronic data processing. Our report will be promulgated April 15 and will include plans for sharing executive files without violating either privacy or security. Also, I am participating as chairman of a unique high-level executive/legislative statutory committee called the California Information Systems Implementation Committee consisting of the directors of finance and general services representing the executive and the chairmen of the Senate and Assembly Finance Committees, the chairman of the joint legislative budget committee and myself as chairman of the efficiency and cost control committee. To insure nonpartisanship, the Vice Chairman of each Legislative Committee is also a member at present. The Committee is actively pursuing its statutory charges of (a) reviewing electronic data processing policies; (b) developing electronic data processing procedures to protect privacy and confidentiality of records and rights and privacy of the individual; and (c) reporting recommendations to the Legislature and the Governor. Through the hearing process, the committee is generating positive and immediate reactions from the nine campus university and 19 campus university and college systems and the State's vast communication networking systems in the areas of effective electronic data processing utilization and protection of information collected and transmitted.

AB 644 (MacDonald 1973), Government Code Sections 11755-11758.

California with nearly 21 million population and the business interests associated with this large population has experienced extreme difficulty in encouraging the utilization of computers while protecting the privacy of individuals and insuring the security of data. Through the three committees that I have mentioned, plus the past pressure-filled five years of legislative maturity in the computer environment, I feel California has established a privacy and security umbrella which is still a leaky one but at least supported by bits and pieces of statutes addressing privacy problems. I am optimistic that by the time the California Legislature adjourns on November 30, 1974, the progress made through legislation and the momentum for safeguards established with the private and public sectors, may well assure the people of California that the word "Privacy" in their Constitution is a meaningful one now protected and ready to be defended from further unforeseen circumstances.

THE ISSUES OF PRIVACY AND COMPUTER SECURITY WITHIN THE STATE OF MASSACHUSETTS

Arthur R. Miller

Harvard Law School, Cambridge, Massachusetts 02138

It is very fashionable to think of California as one of the legal pacesetters of the nation. It is true that they did enact a constitutional amendment inserting privacy into their constitution at their last general election. Montana has done the same thing. If memory serves me right, at the same time that the people of California were voting for privacy, they were also voting for the death penalty, against marijuana and for pornography. This combination suggested an interesting profile of the California voter. I, too, come from a unique state--Massachusetts. As I indicated earlier this morning, I am originally a New Yorker; I have been a Minnesotan; I have been a Michigander; and for short periods of time, I have been a Floridian and a Californian; but I am now from Massachusetts. Massachusetts has a long, but somewhat checkered, legal tradition. It started with the Salem Witch Trials; proceeded through the Sacco-Vanzetti incidents; and its most recent manifestation was the trial of Dr. Spock and Reverend Coffin. Seriously, however, we do undertake some rather interesting things in Massachusetts.

One aspect of Massachusetts law that is interesting and which I have been asked to speak for a few minutes on, is that State's recent reaction to problems of privacy. We have a Republican governor, Governor Sargent, who takes great pleasure suing a Republican national administration. You heard something about that earlier this morning. It took the form of a petition against the Department of Justice challenging the FBI policies with regard to the National Crime Information Center files. Conversely, the Republican administration in Washington is fond of suing the Commonwealth of Massachusetts, which they did last year in trying to get access to the Massachusetts criminal history files.

A great deal is going on in Massachusetts in the privacy arena. There are three things worthy of special note. First, Massachusetts was, I think, the first State in the Union to legislate with regard to computerized criminal recordkeeping. A statute was passed in 1972 that is designed to manage what is called criminal offender record information that will be in a fully automated criminal justice information system that will service all of the law enforcement agencies in the Commonwealth. This statute created two administrative units. One is the Criminal History Systems Board, which has operating control over the criminal justice information system. It is a regulatory body composed of representatives of the data users--law enforcement officials, rehabilitation officials, and court officials. It is an in-house professional group. In addition to the Board, there was created a Security and Privacy Council consisting of nine members, seven public members who work on a pro bono basis, and representatives of the Attorney General's office and the chairman of the Criminal History Systems Board. I serve as chairman of this Council. The Security and Privacy Council's function is to study, monitor, audit, and present recommendations to the Board with regard to matters bearing on security of the system and the privacy of the criminal justice files. It really has no power--none whatsoever other than the power of recommendation. All power resides in the Board. Fortunately, the Council seems to have captured the good will of the Board and the two organizations are working in reasonable harmony.

In the period between the enactment of the statute and the present, very, very detailed regulations have been drafted by the Board with the advice of the Council. These deal in great detail with regard to such matters as security of data, access to data, dissemination of data, the purging and sealing of data. Anyone interested in seeing a fully developed regulatory system would be well advised to look at the regulations proposed for the Massachusetts criminal justice system. In my judgment, it represents a rather reasonable balance between the needs of the law enforcement community and the rights of the individual, although I do not agree with everything in the current draft. Of course, these regulations are reinforced by a strong statute that prohibits the movement of criminal justice information outside the criminal justice community and those governmental organizations authorized by statute to have access to criminal justice information. If properly enforced, this is a very limiting standard. There is no legal way an employer, an insurance company, or a credit-rating or credit reporting agency will be allowed to gain access to the Massachusetts criminal justice system.

The second development in Massachusetts is the appointment by the Governor of a Commission on Privacy and Data Protection. In many ways, this Commission is modelled after the HEW Committee. Its charge is about the same and its composition reflects the same wide angle of experience and expertise that characterized the HEW group. It is a commission composed of private citizens who are not compensated. I serve as its chairman. We are just getting underway by investigating the state of recordkeeping in Massachusetts, the level of security that exists, the amount of technological attention being given to matters of privacy and security. We expect to take testimony from citizens and to respond to individual complaints. We already have started to receive them and they follow the usual pattern of objections to the use of the social security number on driver's licenses, the lack of file security in welfare offices, the selling of lists of customers or members to consumer reporting and mail list companies.

The third development in Massachusetts symbolizes what I said earlier this morning when I suggested that the privacy issue has come of age. The computer-privacy issue has enormous political sex appeal. Not to be outdone by the Governor, the General Court of the Commonwealth of Massachusetts, which is its legislature, has appointed a commission to study privacy. Of course, its efforts will be largely duplicative of the Governor's commission, although it probably will be more action oriented because it is composed of nine State representatives and three public members. It, too, is just underway in its work.

I have described the Massachusetts scene simply to indicate to you that considerable activity is going on at the State level and the object will be to place a bill before the entire legislature. The executive and legislative branches of dozens of States already have become active in trying to deal with this problem. One of the really significant problems that face policymakers, in particular those at the operating levels of government, such as many of you people, is to avoid the zealots, both the zealots of government efficiency on the one hand and the zealots of civil liberties on the other. Unfortunately, many of the proposals that are appearing are technologically unsound, administratively unworkable, or placebos that really accomplish little because they offer people no effective procedural mechanism either in terms of gaining access to their files or in terms of challenging inaccuracies in the file. If there is a single important role for governmental policymakers, it is to help the legislators find a mid-course between the extremes; otherwise we will end up with extremely bad legislation. I think you must face the fact that given the appeal of the privacy issue, there will be legislation and the real question is how good can we make it.

THE VIEWS OF THE COMPUTER AND BUSINESS EQUIPMENT MANUFACTURERS ASSOCIATION (CBEMA)

Peter F. McCloskey

President, Computer and Business Equipment Manufacturers Association
1828 L Street, N.W., Washington, D.C. 20036

Thank you and good afternoon. As noted already, President Nixon has increased dramatically the importance of our deliberations here, and I hope that there are some staff members from the Domestic Council with us because the issues raised at the November Conference and addressed again at this one cover most of the issues before Vice-President Ford's Committee. CBEMA has long believed that society must set the rules for privacy so that administrators, systems designers and equipment vendors can implement the confidentiality rules and security systems to preserve that level of privacy. In this context, I have three conclusions to discuss with you this afternoon.

First. Information Protection: Information can be protected better in a computer system than in a manila folder.

Second. How Much Security Is Needed? Security expenditures must be based on cost benefit analyses. The extent of security measures depends on the assets to be protected and the perceived risk.

Third. How Much Security Is Available? Better security products are coming in response to perceived market demand but I must note that government demand seems to be well ahead of other markets.

Last November this conference addressed issues facing the government manager regarding Privacy and Security in Government Computer Systems. I reflected on the views stated at that conference during my return from East Europe and the USSR last week. It is very clear that those are societies in which information is secure. And, it is just as clear that it is not the use of computers that determines the character of a society.

Franz Kafka in his novel "The Trial" found little need for a computer to ensnare his victims. In the United States and other Western nations, however, the computer is beginning to be cast as a villain. I don't agree. I agree with Alan Westin, who sees the computer as the catalyst causing a reaction between long established trends towards Institutionalization and Meritocracy on the one hand and new concepts of personal freedom and group dignity and rights on the other hand.

In this connection, the Canadian Government Report: "Privacy and Computers" notes that not all claims to privacy fall within any reasonable concept of privacy. The demand for access to personal files can also be seen as an attempt to alter the distribution of political power. And, the arguments about "computer errors" are essentially arguments about defamation--even if the context is new.

These are genuine concerns, but how can we best address the range of issues before us? I believe our society must look at Privacy, Confidentiality and Security of information from a systems viewpoint. In this examination different concepts are needed at different levels and various groups play different roles.

CBEMA has been actively concerned with the expanding impact of data handling techniques on society for many years. As awareness of these developments grew within the Industry, we established a Committee on Privacy and Security. Through this committee, CBEMA has followed closely the growth of interest in the Congress, other legislative bodies, the Executive Branch of the Federal Government and in the States in the subject of Governmental use of information technology. We, therefore, welcome the opportunity to participate in conferences such as this since one of our activities is to promote informed public discussion of the part data handling techniques, and computers in particular, play in the collection and administration of information about people.

Our recently published CBEMA statement, "The Role of Computers in Privacy, Confidentiality and Data Security," addresses the issues as we see them and copies are available in the auditorium. This statement is the first in a planned series of publications designed to stimulate thought and discussion. We have published the speech given by Ruth Davis at the November Conference. We think Dr. Davis provides a thoughtful overview of this issue as a concerned Government Official. We are distributing this speech to the Congress, State legislatures, the Federal and State Executive Branches because we think it's important.

The activity of the CBEMA Committee on Privacy and Security is based on two convictions:

• Preservation of the individual's right to privacy is a fundamental goal of our society.

• The use and advancement of information processing techniques are vital to solving the problems presented by our increasingly complex society.

Concern for privacy is not a new subject. Since the beginning of recorded history, there has been concern about the collection of information and its use as it affects individual privacy. Each age and society has continually reviewed the balance between the rights of the individual to be left alone and the needs of
