
POLICY STUDIES REVIEW, WINTER 1991/92, VOL. 10, NO. 4

Implementation of the Routine Use Clause of the Privacy Act

Gloria Cox
University of North Texas

Information privacy, the privacy of personally identifiable data held by organizations, gained access to the federal policy agenda in the sixties. The passage of several legislative acts resulted in protection for information privacy in specific environments and circumstances. In 1974, the Privacy Act was passed, providing citizens limited protection for data held by agencies of the federal government. While the Privacy Act is the cornerstone of protection for citizens with regard to government-held data, the law has been less effective than its designers hoped it would be. One major defect of the law is the routine use clause, which has been subjected to broad interpretation and distortion, to the benefit of executive branch agencies which handle personally identifiable data. This article examines the issue of information privacy, with focus on the misuse of the routine use clause and subsequent implications for citizen privacy.

While the Privacy Act of 1974 is the cornerstone of current legal guarantees about the privacy of personally identifiable information in possession of the Federal government, the law contains an inherent weakness which has been exploited in implementation. This article explores the broadening of the routine use clause, a practice that has resulted in distortion and weakening of the protections provided by the Privacy Act.

PROVISIONS OF THE PRIVACY ACT

The Privacy Act requires agencies to maintain only those records that are relevant and necessary for the agency’s mandated purpose and directs agencies to acquire information, whenever possible, from the person who is the subject of the file when that data will be used for decisionmaking. When data are collected, subjects are to be informed of the uses to which it will be put, whether or not one has the option of declining to answer the questions put forth, and the penalties that may exist for refusing to answer. The client must also be advised of the routine uses which exist for the data, and, since the amendments of 1988, forms must contain a warning that the data might be matched with data from other programs.

Persons who are the subject of a file may gain access to the information in that file by making a request under the Privacy Act, although exemptions apply to certain systems of records including some held by the Federal Bureau of Investigation, the Central Intelligence Agency and the Drug Enforcement Agency. Individuals are permitted to make additions and corrections to their own file, if they choose.

The Privacy Act permits certain disclosures of information to persons and agencies outside the collecting agency, but requires that agencies keep a record of any disclosures of a file’s contents. Since the law’s sponsors recognized the futility of listing every single legitimate purpose for which information from a file might be disclosed, they listed among the acceptable disclosures those made for a routine use, defined as a use that is compatible with that for which the data were originally collected. The term compatible is not defined in the statute (Flaherty, 1989, p. 323).

USE AND ABUSE OF THE ROUTINE USE CLAUSE

There can be no doubt that a key aspect of protecting personally identifiable information is a guarantee that such information will not be shared with other agencies or individuals, except for a legitimate purpose about which the subject could be expected to know. Investigation reveals, however, that agency officials have interpreted the routine use clause broadly and have created almost unlimited ability to move data among Federal agencies. The resulting misuse of the routine use clause and the violation of the original intent of the Privacy Act have created new threats to information privacy. No malevolent purpose is attributed to administrative personnel; instead, the value of efficiency, always important to bureaucratic agencies, is simply given priority over privacy considerations. Recent years of budget deficits have resulted in greater pressures for efficiency, thus enhancing the problem. For example, in 1986, the Office of Management and Budget appeared to sanction the broadest possible definition of routine use by issuing a recommendation that agencies shall "seek to satisfy new information needs through legally authorized interagency or intergovernmental sharing of information, or through commercial sources, where appropriate, before creating or collecting new information" (Flaherty, 1989, p. 323).

The Privacy Act requires each agency in possession of systems of records to publish for each system the routine uses to which the information might be put. These anticipated routine uses are published in the Federal Register and in periodic compilations of Privacy Act Notices. Ostensibly, an individual who knows which department or agency has a file on him/her and who can correctly identify the particular system of records in which it is located can ascertain the routine uses to which that record is subject. Most citizens, however, lack the knowledge and initiative required for such an exercise, and have little understanding of how information supplied by or about them to government agencies might be used.

An examination of routine use notices reveals that no overall categorization can be made; just as the purposes of agencies vary widely, so do the routine uses claimed by agencies for their files. Several types of routine uses appear again and again, however. Agencies commonly claim as a routine use the right to provide information that is relevant to law enforcement investigations, as well as data needed for responses to Congressional inquiries. In addition, when records deal with money owed to the Federal government, agencies claim that referral of an overdue account to a private collection agency constitutes a routine use. These examples notwithstanding, routine use notices seem quite varied and specific to each type of record system.

It is revealing to examine some specific agencies and the routine uses that they claim. The Selective Service System handles the records of young men who are required by law to furnish information, including Social Security number, to agency officials. That information must be supplied to the Selective Service; failure to register is a violation of Federal law. Once that information is in the hands of the Selective Service, however, it may be provided as a routine use to any or all of the following entities:

Department of Defense
Department of Transportation (for Coast Guard recruiting purposes)
Department of Justice (for law enforcement purposes)
Department of State (to check on the status of aliens)
Department of Health and Human Services (locating parents for child support purposes and verifying Social Security numbers)
Federal Bureau of Investigation (to track down violators of registration requirements); and
Immigration and Naturalization Service (citizenship information).

In addition, Selective Service may also provide information to entities of State and local government for law enforcement purposes (Selective Service System, 1990). Selective Service officials indicate, however, that "no records have been shared with State or local governments," although "hundreds of thousands" have been shared with other federal agencies since 1980 (Paula D. Sweeney, personal communication, September 27, 1990).

Another telling example is the Federal Bureau of Investigation which is, of course, specifically in the law enforcement business. The FBI claims as a routine use the right to disclose data to any or all of the following: officials and employees of the Department of Justice, and any federal agency "to assist the recipient agency in conducting a lawful criminal or intelligence investigation ... in making a determination concerning an individual's suitability for employment and/or trustworthiness for employment and/or trustworthiness for access clearance purposes, or to assist the recipient agency in the performance of any authorized function where access to records in this system is declared by the recipient agency to be relevant to that function" (Federal Register, 1989, p. 42080).

In addition, the FBI claims the right to disclose personal data to the federal judiciary, "to any State or local government agency directly engaged in the criminal justice process," to members of any adjudicative body, as well as to "an organization or individual in both the public or private sector where there is reason to believe the recipient is or could become the target of a particular criminal activity or conspiracy." In other statements concerning routine use, the FBI specifies that, under certain circumstances, information may be disclosed to the legitimate agency of a foreign government, to the news media or the general public, or to persons trying to locate other individuals (Federal Register, 1989, p. 42080). The Bureau’s routine uses appear to be virtually unlimited, a disturbing problem in view of the personal and sensitive nature of much of the information it holds.

The Social Security Administration is of particular interest to most citizens, since it holds records on virtually everyone. SSA Officials state that "by far the largest category of agencies receiving information from us consists of those agencies (state and local as well as federal) that administer income-maintenance and health maintenance programs" (Stephen Siff, personal communication, November 14, 1990). In addition to those releases, SSA maintains routine use rights to disclose to the Department of Housing and Urban Development, the Railroad Retirement Board, the Department of State, the Internal Revenue Service, the Department of Education, the Department of Interior and the Selective Service System, among others (Stephen Siff, personal communication, November 14, 1990). While the Social Security Administration was unable to provide an estimate of the number of records shared with other agencies, the figure is thought to be "considerable," although the agency believes that its policy is, in general, one of maintaining "rather strict general confidentiality" (Stephen Siff, personal communication, November 14, 1990).

Not all agencies have policies that seem to promote disclosure; indeed, some take extraordinary care of sensitive information under their control, usually as a result of specific legislation ordering such precautions. The Department of Veterans' Affairs, for example, uses the routine use clause to transfer certain records, but treats as confidential others that are protected by statute. According to that Department, laws exist to protect from disclosure "records pertaining to claims under any of the laws administered by VA, and names and addresses of present and former personnel of the armed forces and their dependents ... records of the identity, diagnosis, prognosis, or treatment of any patient or subject of any program carried out by VA relating to drug abuse, alcoholism or alcohol abuse, infection with the human immunodeficiency virus, or sickle cell anemia are confidential and may be disclosed only as expressly authorized" (B. Michael Berger, personal communication, October 5, 1990). However, some agencies may actually attempt to protect data, only to find that they are unable to do so. Since passage in 1981 of the Debt Collection Act, the Internal Revenue Service has been required to locate and provide, whenever possible, current addresses of taxpayers who are delinquent in repaying a federal loan.

It is clear that federal agencies, through the direction of the Office of Management and Budget, transfer large amounts of personally identifiable information within the federal government as well as to state and local entities and private sector organizations, and that broad interpretation of the routine use clause provides the statutory authority that agencies seek for their information processing activities.

COMPUTER MATCHING

One of the most threatening developments of recent years is the implementation of computer matching programs, based on routine use. Computer matching is "the computerized comparison of two or more sets of electronic records to search for individuals who are included in both sets" (Office of Technology Assessment, 1988, p. 15). The first computer matching programs were undertaken in 1977; Project Match, as the activity was designated, was designed to reveal the names of families who were illegally receiving monies from the Aid to Families with Dependent Children program (Linowes, 1989, p. 92). Since that time, numerous matching projects have been conducted in accordance with one of the following methods, all of which demonstrate the goal of computer matching programs: to reduce fraud and waste in government.

Front-end matching is used to improve accuracy of information in files. According to Joseph R. Wright, Jr., then-Deputy Director of the Office of Management and Budget, "all ... payment and assistance programs have automated front-end screens to check new applications or subsequent record changes for accurate addresses" (House Subcommittee Hearings, 1987, p. 20). (The Deficit Reduction Act of 1984 made front-end matching a requirement for States as well, beginning in 1987 (Linowes, 1989, p. 92)). Wright indicated that one example of matching comes from the Social Security Administration which matches lists of benefits’ recipients with Postal Service lists of undeliverable notices, thereby producing a list to be checked for those persons who have moved or died, and whose names should be deleted or addresses corrected (House Subcommittee Hearings, 1987, p. 20).

Computer records are also used for back-end matching by which invoices and other forms are screened for appropriateness and eligibility. Wright provided the example of Medicare which receives from health care providers a very large number of requests for reimbursement. Such requests can be matched against standards or profiles established by the program to find out who may be submitting excessive numbers of claims or bills for services not rendered, or engaging in other abuses of the program. Back-end matching thus provides a means for agency personnel to ferret out possible cases of fraud, abuse, and/or inefficiency (House Subcommittee Hearings, 1987, pp. 20-21).

A third type of match is used to determine an individual’s eligibility for benefits, thereby enabling officials to decrease amounts paid to ineligible persons under various benefit programs. A match might be made with bank records to find individuals who have applied for benefits, but who have a considerable amount of money in a bank account. Such efforts are held in high esteem by agency officials. David Burnham, privacy advocate, quotes Thomas McBride, Inspector General of the Department of Labor during the Reagan Administration: "There are now about sixty federal programs that depend on the income level to determine eligibility... There just isn’t any question that this methodology should be widely applied, that it has an enormous potential for eliminating fraud or erroneous payment and saving the taxpayers billions of dollars each year" (Burnham, 1980, p. 28).

Sometimes a computer match is undertaken for reasons other than the prospect of saving money; enforcement of a law or regulation may be at stake. For example, in 1982, legislation was enacted to allow the Social Security Administration to furnish to the Selective Service System lists of persons who had reached their eighteenth birthday, as discerned from an examination of wage records. Names could then be matched to records of those who had registered for Selective Service, with the result that a list of those who had not registered was generated for investigation by law enforcement authorities (Marshall, 1989, p. 35). The Internal Revenue Service provides another example, inasmuch as it furnishes information on individuals to locate parents who have failed to make child support payments as well as former students who have failed to repay education loans, issues involving money but also a secondary purpose of bringing wrongdoers to justice.

OMB adopted guidelines for computer matching programs in 1979, indicating that the purpose of the guidelines was to assist agencies in "balancing the government’s need to maintain the integrity of Federal programs with the individual’s right to personal privacy" (Senate Committee on Governmental Affairs, 1988, pp. 2-3). Computer matching became a popular activity of government in the eighties, as the President’s Council on Integrity and Efficiency promoted it and Congress enacted laws that required computer matching activities to take place (Senate Committee on Governmental Affairs, 1988, p. 3). Finally, legislation was adopted to provide legal guidelines for computer matching programs; the Computer Matching and Privacy Protection Act of 1988, Public Law 100-503, amended the Privacy Act to provide that written agreements between agencies had to be completed before a match could take place, and that the agreement had to include a statement of the purpose of the match as well as the legal authority under which it was conducted.

In addition, individual matches (or "hits") produced by matches of records systems must be independently verified before an individual’s benefits can be suspended, terminated, reduced or denied. This provision provides protection to persons who may otherwise suffer as a result of government officials acting on information produced by computer matches, even though a mistake may be responsible for the hit on which officials acted. The necessity for independent verification means that agency personnel must not consider data produced by computer matches to be unerring and totally reliable.

The Computer Matching and Privacy Protection Act of 1988 also mandated the creation of Data Integrity Boards to "review, approve, and maintain all written agreements for receipt or disclosure of agency records for matching programs to ensure compliance" with the law. The statute explicitly recognizes the importance of privacy by providing for the "administrative, technical, and physical integrity" of records included in matching programs.

It would be interesting and enlightening to know just how many computer matches take place each year, but even an estimate is difficult to obtain. The Office of Technology Assessment reported that there were approximately 700 matches of record systems in 1984, in which more than seven billion records were matched (House Subcommittee Hearings, 1987, p. 100). Agencies do not, however, keep or provide data on the number of matches that routinely take place. Clearly, computer matching is a practice of substantial, but undocumented dimensions, which contains the potential for damaging individual privacy.

CONCLUSIONS

Information privacy is a cornerstone of the larger concept of privacy, long held to be a key concept of a free society. At a time when computerization and recognition of information as a valuable commodity present ever-increasing threats to information privacy, federal agencies, working through the Office of Management and Budget, have opted to weaken the Privacy Act by use of what has come to be a loophole in that statute in favor of a competing value, efficiency.

There is no doubt that individuals, already required to submit to government agencies large amounts of personal, even sensitive, information have less and less control over its use. Not only can information be moved about within the federal government, but state and local as well as private organizations may also be able to obtain it. Moreover, computer matching exposes to scrutiny the records of millions of individuals about whom there is no suspicion of wrongdoing. When the probability of inaccurate information appearing in files is added, the possibility of harm is evident.

Since present routine use practices also permit transfers of file information to states and localities and computer matching projects frequently involve state and local agencies, state and local laws in the area of information privacy come into play. All states and the District of Columbia have laws about the handling of files, but there is tremendous variation among them, including "who may inspect a public record, what material constitutes a record, the number and nature of exemptions, the method of enforcement and penalties for violations" (Katz, 1990, p. 79). Privacy expert Harold Relyea of the Congressional Research Service describes state laws as "uneven." States vary according to the laws on their books, as well as in the standards of enforcement that their officials observe. Some States, such as Massachusetts, provide protection for information that exceeds federal requirements, while others offer little in this area (Harold Relyea, personal communication, September, 1990). A 1988 Compilation of State and Local Privacy Laws provides detailed information on the laws of each State. Several States provide no protection for arrest records, although most have adopted laws to deal with computer crime. Bank records and Social Security numbers are provided legal privacy in only a few states (Marshall, 1989, p. 36). Beyond the existence of statutory protection, level of enforcement also determines the effectiveness of such laws. There can be no doubt that variations among governmental entities are considerable, and that privacy protection provided by federal law will not necessarily be enforced once data are in the hands of a different unit of government.

Finally, distortion of routine use, along with computer matching, raises again the specter of a national data bank, an idea that surfaces for debate from time to time. Originally proposed by the Bureau of the Budget in the 1960s, it was again brought up by the Nixon White House Domestic Council which recommended creation of a nationwide computer network linking the records of most federal agencies. Although the idea of a national data bank was defeated each time it was raised, it appears now to have gained de facto recognition by recent OMB policy allowing, even encouraging, the sharing of data across federal agencies and beyond.

Clearly, it is time for Congress to reexamine the issue of information privacy within government and to move to close the routine use loophole which has distorted the original purpose of the Privacy Act. Only then will the balance between the twin values of efficiency and personal privacy be restored.

REFERENCES

Burnham, D. (1980). The Rise of the Computer State. New York: Random House.

Flaherty, D. H. (1989). Protecting Privacy in Surveillance Societies. Chapel Hill: The University of North Carolina Press.

Katz, J. (1990). Just Whose Data Is It, Anyway? Governing, 3, 79-80.

Linowes, D. F. (1989). Privacy in America: Is Your Private Life in the Public Eye? Urbana and Chicago: University of Illinois Press.

Marshall, P. (1989). Your Right to Privacy. Congressional Quarterly’s Editorial Research Reports, I, 30-42.

U.S. House of Representatives. (1987). Subcommittee of the Committee on Government Operations. Hearings on Computer Matching and Privacy Protection Act of 1987. 100th Congress, 1st Session. Washington, DC: U.S. Government Printing Office.

U.S. Congress. Office of Technology Assessment. (1988). Criminal Justice: New Technologies and the Constitution. Washington, DC: U.S. Government Printing Office.

U.S. Congress. (1988). Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988. 100th Congress, 2d Session. Washington, DC: U.S. Government Printing Office.

U.S. Senate. (1988). Report of the Committee on Governmental Affairs to Accompany S. 496: The Computer Matching and Privacy Protection Act of 1987. Washington, DC: U.S. Government Printing Office.

U.S. Government. (1989). Federal Register, 54(197).

U.S. Selective Service System. (1990). Privacy Act Statement.