August 5, 1977
Page 27528
SENATE RESOLUTION 255 — SUBMISSION OF A RESOLUTION TO COMMEND THE PRIVACY PROTECTION STUDY COMMISSION
(Referred to the Committee on the Judiciary. Subsequently the referral of the resolution was changed from the Committee on the Judiciary to the Committee on Governmental Affairs.)
Mr. MUSKIE (for himself, Mr. RIBICOFF, Mr. PERCY, Mr. BAYH, Mr. PROXMIRE, Mr. GOLDWATER, Mr. HEINZ, Mr. ABOUREZK, Mr. ANDERSON, Mr. CASE, Mr. DANFORTH, Mr. FORD, Mr. GARN, Mr. HART, Mr. HASKELL, Mr. HUMPHREY, Mr. JACKSON, Mr. KENNEDY, Mr. LUGAR, Mr. MELCHER, Mr. METZENBAUM, Mr. PELL, Mr. RIEGLE, Mr. STEVENS, and Mr. WILLIAMS) submitted the following resolution:
S. RES. 255
Whereas our country has evolved in the last 100 years from one in which government and business maintained little personal information about individual Americans to an information dependent society in which volumes of data are compiled with respect to each citizen in order to carry out the responsibilities of government and business; and
Whereas the increased complexity of an information based society and its dependence upon the collection of intimate details about each of its citizens enhances the need for improved measures to insure the security and confidentiality of personal information; and
Whereas a growing number of Americans are expressing their concern for the collection of information by business and government as evidenced by a recent survey which reported that a great majority of Americans agreed that Americans begin relinquishing their privacy on the day that they open their first charge account, take out a loan, buy something on an installment plan, or apply for a credit card; and
Whereas the Privacy Protection Study Commission has completed a two-year examination of the ways in which government and business have intruded on the lives of Americans, and has presented the Congress with a broad range of recommendations designed to foster a greater expectation of privacy for every citizen; and
Whereas the recommendations of the Privacy Protection Study Commission will be a matter of legislative interest to the members and committees of the Senate and considerable effort will be required to achieve their adoption: Now, therefore, be it
Resolved, That it is the sense of the Senate that the Privacy Protection Study Commission, including its members and its staff, should be commended for the outstanding contribution made by its July 15, 1977, final report, entitled "Personal Privacy in an Information Society", and that the Senate and the Congress should begin now to work toward the implementation of the Commission's recommendations, and that this effort should be based upon the joint cooperation and support of all of the members of the Senate and committees of the Senate who will have the responsibility for conducting investigations and hearings and for recommending legislation which will create a climate of increased protection of individual privacy in this country.
Mr. MUSKIE. Mr. President, the Privacy Protection Study Commission on July 12, 1977, presented to the Congress the product of 2 years of study of individual privacy in America entitled, "Personal Privacy in an Information Society."
The study includes a comprehensive set of recommendations which are designed to protect against the misuse of personal information and to create an expectation of confidentiality in the treatment of the many intimate personal and financial details which are an important part of our lives.
It is with great pleasure that I join with several of my colleagues today in offering a resolution commending the Commission for its work and expressing the sense of the Senate that we should begin now on a joint effort to develop legislation which can implement many of its recommendations.
Nearly 3 years ago, the distinguished senior Senator from North Carolina, Sam J. Ervin, Jr., guided through the Congress the Privacy Act of 1974. Without his leadership for nearly a decade as chairman of the Subcommittee on Constitutional Rights and the Committee on Government Operations, the Privacy Act, the Privacy Commission, and the report which we commend today, would not be a reality.
It is important that we grasp the momentum which was created by the work of Senator Ervin and which has been advanced by the Privacy Commission. This will involve the cooperative effort of the many Members and committees who will have responsibility for drafting proposals for the protection of personal information collected and maintained by Government and business.
I would like to acknowledge at this point the valuable contribution of those Senators who have helped lay the groundwork for a cooperative effort in developing privacy legislation. Among these are the distinguished chairman and ranking minority member of the Committee on Governmental Affairs, Senators RIBICOFF and PERCY, whose leadership was so important to the adoption of the 1974 Privacy Act.
Also assisting was the distinguished senior Senator from Wisconsin, Senator PROXMIRE, who shepherded the adoption of a wide range of new consumer protections through the Fair Credit Reporting Act.
The distinguished senior Senator from Indiana, Senator BAYH, generously assisted in this effort. Not only does he serve as the ranking majority member of one of the newest committees of the Senate, which was created in response to reports of invasions of individual privacy by Government intelligence agencies, he also has inherited the important mantle of chairman of the Subcommittee on Constitutional Rights.
Finally, the effort would not have been complete without the able senior Senator from Arizona, Senator GOLDWATER. In 1974 the Privacy Act might have slipped from our grasp had it not been for the strong bipartisan support which it received in the Senate from Senators GOLDWATER, PERCY, and Ervin. Senator GOLDWATER and the Honorable BARRY GOLDWATER, JR., have formed a father-son team to work on privacy interests. Congressman GOLDWATER has spent a significant part of the last 2 years serving as a member of the Privacy Commission.
As the Privacy Commission report has observed, we live in rapidly changing times with respect to the impact information technology has on each of our lives. The Privacy Act of 1974 represents a significant step forward on our effort to assure the security and confidentiality of information about individuals which is collected and used by the Federal Government. It has established the basic principle that systems of records about American citizens shall no longer be maintained in secret.
It has established in law the right of citizens to examine records held about them and established procedures for the correction of inaccuracies in personal data.
Finally, the act has established penalties and provisions for civil remedies to enforce its implementation.
We have learned a great deal from the implementation of the act. A survey by Senator Ervin's Subcommittee on Constitutional Rights published in 1974 estimated that there were 858 Government data banks containing more than 1¼ billion records on individuals.
The President's second annual report to Congress on Federal personal data systems, which is required by the Privacy Act, has increased our knowledge about Government data collection, for we now know that in 1976, 97 Federal agencies maintained 6,753 personal data systems which contained 3.85 billion individual records. Seventy-four percent of those individual records were partially or fully computerized.
The changes in information technology have been equally dramatic throughout our entire society, yet as the report of the Commission notes, we have failed to keep pace with the need for protecting personal privacy in such areas as the employer-employee relationship, the insurance industry, the banking industry, and the expanding technologies of the retail credit industry.
Three out of four Americans now live in cities or their surrounding suburbs, only one in ten of the individuals in the workforce today is self-employed, and education is compulsory for every child.
In addition, most Americans now do at least some of their buying on credit, and most have some form of life, health, property, or liability insurance. Government social services programs now reach deep in the population along with government licensing of occupations and professions, Federal taxation of individuals, and government regulation of business and labor union affairs.
Today, government regulates and supports large areas of economic and social life through some of the nation's largest bureaucratic organizations, many of which deal directly with individuals. In fact, many of the private sector record keeping relationships discussed in this report are to varying degrees replicated in programs administered or funded by Federal agencies.
These excerpts from the preface to the Privacy Commission report underscore the magnitude of the task before us. It will take the combined efforts of all of us to achieve the legislative goals outlined by the recommendations of the Commission. It is a task we must set about achieving in this Congress if we are to keep abreast of the exhilarating trends in information technology in this country.
I ask unanimous consent that the recommendations of the Privacy Protection Study Commission be printed in the RECORD.
There being no objection, the recommendations were ordered to be printed in the RECORD, as follows:
RECOMMENDATIONS
THE CONSUMER CREDIT RELATIONSHIP
The Commission recommends:
Recommendation 1
That governmental mechanisms should exist for individuals to question the propriety of information collected or used by credit grantors, and to bring such objections to the appropriate bodies which establish public policy. Legislation specifically prohibiting the use, or collection and use, of a specific item of information may result; or an existing agency or regulatory body may be given authority or use its currently delegated authority to make such a determination with respect to the reasonableness of future use, or collection and use, of a specific item of information.
Recommendation 2
That the Federal Fair Credit Reporting Act be amended to provide that each credit grantor must exercise reasonable care in the selection and use of credit bureaus, independent authorization services, collection agencies, and other support organizations, so as to assure that the collection, maintenance, use, and disclosure practices of such organizations comply with the Commission's recommendations.
Recommendation 3
That Federal law be enacted or amended to provide that when an individual applies for credit, a credit grantor must notify the individual of:
(a) the types of information expected to be collected about him from third parties that are not collected on the application; and
(b) the types of institutional sources that are expected to be asked to provide information about him.
Recommendation 4
That Federal law be enacted or amended to provide that a credit grantor must limit:
(a) its own information collection practices in connection with an application for credit to those specified in the notice called for in Recommendation (3); and
(b) its request to any organization it asks to collect information on its behalf to information and sources specified in the notice called for in Recommendation (3).
Recommendation 5
That Federal law be enacted or amended to provide that an individual shall have a right to see and copy, upon request, all recorded information concerning him that a credit grantor has used to make an adverse credit decision about him.
Recommendation 6
That Federal law be enacted or amended to provide that a credit grantor must:
(a) disclose in writing to an individual who is the subject of an adverse credit decision:
(i) the specific reason(s) for the adverse decision;
(ii) the specific item(s) of information, in plain language, that support the reason(s) given pursuant to (a) (i);
(iii) the name(s) and address(es) of the institutional source(s) of the item(s) given pursuant to (a) (ii); and
(iv) the individual's right to see and copy, upon request, all recorded information pertaining to him used to make the adverse decision; and
(b) inform the individual of his rights provided by the Fair Credit Reporting Act, when the decision is based in whole or in part on information obtained from a credit bureau.
Recommendation 7
That the Federal Fair Credit Reporting Act be amended to provide that, upon request by an individual, a credit bureau or independent authorization service must:
(a) inform the individual, after verifying his identity, whether it has any recorded information pertaining to him;
(b) permit the individual to see and copy any such recorded information, in plain language, either in person or by mail; or
(c) apprise the individual of the nature and substance of any such recorded information by telephone; and
(d) permit the individual to use one or the other of the methods of access provided in (b) and (c), or both if he prefers.
The credit bureau or independent authorization service may charge a reasonable copying fee for any copies provided to the individual.
Recommendation 8
That the Federal Fair Credit Reporting Act be amended to provide that if a credit grantor learns it has reported any inaccurate information about an individual to a credit bureau or independent authorization service, it must notify the credit bureau or authorization service within a reasonable period of time so that the credit bureau or authorization service can correct its files.
Recommendation 9
That the Federal Fair Credit Reporting Act be amended to provide:
(a) that a credit card issuer must have reasonable procedures to assure that the information it discloses to an independent authorization service is accurate at the time of disclosure; and
(b) that an independent authorization service shall be subject to all requirements of the Act, except the requirement to disclose corrected information to prior recipients upon completion of a reinvestigation of disputed information.
Recommendation 10
That the Federal Fair Credit Reporting Act be amended to provide that a credit grantor must have reasonable procedures for notifying a collection agency within a reasonable period of time if an individual has been referred to the agency as a delinquent debtor on the basis of inaccurate information; also, if a debt previously referred to a collection agency has been satisfied, or a satisfactory partial payment has been made, the credit grantor must so notify the collection agency within a reasonable period of time and provide the individual with proof of its notification.
Recommendation 11
That the Federal Fair Credit Reporting Act be amended to provide that a credit bureau must not disclose to its subscribers information about previous inquiries concerning an individual except the number and date of inquiries received.
Recommendation 12
That Federal law be enacted or amended to provide:
(a) that a credit grantor must notify an individual with whom it has or proposes to have a credit relationship of the uses and disclosures which are expected to be made of the types of information it collects or maintains about him; and that with respect to routine disclosures to third parties which are necessary for servicing the credit relationship, the notification must include the specific types of information to be disclosed and the types of recipients;
(b) that information concerning an individual which a credit grantor collects to establish or service a credit relationship, as stated in the notification to the individual called for in (a), must be treated as confidential by the credit grantor; and thus any disclosures to third parties other than those necessary to service the credit relationship must be specifically directed or authorized by the individual, or in the case of marketing information, specifically described in the notification;
(c) that an individual must be considered to have a continuing interest in the use and disclosure of information a credit grantor maintains about him, and must be allowed to participate in any use or disclosure that would not be consistent with the original notification, except when a credit grantor discloses information about an individual in order to prevent or protect against the possible occurrence of fraud; and
(d) that any material changes or modifications in the use or disclosure policies of a credit grantor must be preceded by a notification that describes the change to an individual with whom the credit grantor has an established relationship.
A Note on Commercial Credit
Recommendation 13
That the Federal Fair Credit Reporting Act be amended to provide that information concerning an individual maintained by a credit bureau may be used only for credit related purposes, unless otherwise directed or authorized by the individual.
Recommendation 14
That government mechanisms should exist for individuals to question the propriety of information about individuals collected or used by commercial credit grantors, and to bring such objections to the appropriate bodies that establish public policy. Legislation specifically prohibiting the use, or collection and use, of a specific item of information may result; or an existing agency or regulatory body may be given authority or use its currently delegated authority to make such a determination with respect to the reasonableness of future use, or collection and use, of a specific item of information.
Recommendation 15
That the Congress amend the Fair Credit Reporting Act to provide that, upon request, a commercial credit grantor must disclose in writing to an individual who is associated with a firm that is the subject of an adverse credit decision, based in whole or in part on information provided by a commercial reporting service, where such information pertains in whole or in part to that individual:
(a) the name and address of the commercial reporting service that provided the information; and
(b) the individual's rights provided by law with respect to a commercial reporting service.
Recommendation 16
That the Congress amend the Fair Credit Reporting Act to provide that, upon request by an individual, a commercial reporting service must:
(a) inform the individual, after verifying his identity, whether it has any recorded information pertaining to him connected with a report about a firm;
(b) permit the individual to see and copy any such recorded information, except the identity of sources, in plain language, either in person or by mail;
(c) apprise the individual of the nature and substance of any such recorded information by telephone; and
(d) permit the individual to use whichever of the methods of access provided in (b) and (c) he prefers. The commercial reporting service may charge a reasonable copying fee for any copies provided to the individual.
Recommendation 17
That the Congress amend the Fair Credit Reporting Act to provide that an individual has a right to correct or amend information pertaining to him that is maintained by a commercial reporting service or is provided an opportunity to file a concise statement of disagreement with the commercial reporting service.
Recommendation 18
That the Congress amend the Fair Credit Reporting Act to provide that commercial reporting services must have reasonable procedures to assure the accuracy of information pertaining to individuals included in reports produced by them.
Recommendation 19
That further examination of the need for additional requirements appropriate for commercial credit granting and credit reporting record keeping practices be undertaken.
With respect to commercial credit granting, the following specific areas should be examined:
(a) information collection practices;
(b) the need to protect the identity of sources other than commercial reporting services; and
(c) the adequacy of credit grantors' explanation of adverse credit decisions, pursuant to the Equal Credit Opportunity Act.
With respect to commercial reporting services, the following specific areas should be examined:
(a) the time for reporting certain types of information, e.g., arrests and convictions;
(b) the need to protect identity of sources; and
(c) the use of commercial reporting services for insurance underwriting and other decisions.
THE DEPOSITORY RELATIONSHIP
The Commission recommends:
Recommendation 1
That the Federal Fair Credit Reporting Act be amended to provide that a depository institution must exercise reasonable care in the selection and use of credit bureaus, independent check guarantee services, and other support organizations, so as to assure that the collection, maintenance, use, and disclosure practices of such organizations comply with the Commission's recommendations.
Recommendation 2
That Federal law be enacted or amended to provide that when an individual applies for a depository service, a depository institution must notify the individual of:
(a) the types of information expected to be collected about him from third parties and that are not collected on the application; and
(b) the types of institutional sources that are expected to be asked to provide information about him.
Recommendation 3
That Federal law be enacted or amended to provide that a depository institution must limit:
(a) its own information collection practices in connection with an application for a depository service to those specified in the notice called for in Recommendation (2); and
(b) its request to any organization it asks to collect information on its behalf to information and sources specified in the notice called for in Recommendation (2).
Recommendation 4
That Federal law be enacted or amended to provide that an individual shall have a right to see and copy, upon request, all recorded information concerning him that a depository institution has used to make an adverse depository decision about him.
Recommendation 5
That Federal law be enacted or amended to provide that a depository institution must:
(a) disclose in writing to an individual who is the subject of an adverse depository decision:
(i) the specific reason(s) for the adverse decision;
(ii) the specific item(s) of information, in plain language, that supports the reason(s) given pursuant to (a) (i);
(iii) the name(s) and address(es) of the institutional source(s) of the item(s) given pursuant to (a) (ii); and
(iv) the individual's right to see and copy, upon request, all recorded information pertaining to him used to make the adverse decision; and
(b) inform the individual of his rights provided by the Fair Credit Reporting Act, when the decision is based in whole or in part on information obtained from a credit bureau or independent check guarantee service.
Recommendation 6
That the Federal Fair Credit Reporting Act be amended to provide that an independent check guarantee service shall be subject to all requirements of the Act, except the requirement to disclose corrected information to prior recipients upon completion of a reinvestigation of disputed information.
Recommendation 7
That the Federal Fair Credit Reporting Act be amended to provide that if a contributor learns it has incorrectly reported an individual to an independent check guarantee service, it must notify the check guarantee service within a reasonable period of time so that the service can correct its files.
Recommendation 8
That Federal law be enacted to provide:
(a) that a depository institution must notify an individual with whom it has or proposes to have a depository relationship of the uses and disclosures which are expected to be made of the types of information it collects or maintains about him; and that with respect to routine disclosures to third parties which are necessary for servicing the depository relationship, the notification must include the specific types of information to be disclosed and the types of recipients;
(b) that information concerning an individual which a depository institution collects to establish or service a depository relationship, as stated in the notification to the individual called for in (a), must be treated as confidential by the depository institution; and thus any disclosures to third parties other than those necessary to service the depository relationship must be specifically directed or authorized by the individual, or in the case of marketing information, specifically described in the notification;
(c) that an individual must be considered to have a continuing interest in the use and disclosure of information a depository institution maintains about him, and must be allowed to participate in any use or disclosure that would not be consistent with the original notification, except when a depository institution discloses information about an individual in order to prevent or protect against the possible occurrence of fraud; and
(d) that any material changes or modifications in the use or disclosure policies of a depository institution must be preceded by a notification that describes the change to an individual with whom the depository institution has an established relationship.
Recommendation 9
That individually identifiable account information generated in the provision of EFT services be retained only in the account records of the financial institutions and other parties to a transaction, except that it may be retained by the EFT service provider to the extent, and for the limited period of time that such information is essential to fulfill the operational requirements of the service provider.
Recommendation 10
That procedures be established so that an individual can promptly correct inaccuracies in transactions or account records generated by an EFT service.
Recommendation 11
That no governmental entity be allowed to own, operate, or otherwise manage any part of an electronic payments mechanism that involves transactions among private parties.
MAILING LISTS
The Commission recommends:
Recommendation 1
That a person engaged in interstate commerce who maintains a mailing list should not be required by law to remove an individual's name and address from such a list upon request of that individual, except as already provided by law.
Recommendation 2
That a private sector organization which rents, sells, exchanges, or otherwise makes the addresses, or names and addresses, of its customers, members, or donors available to any other person for use in direct mail marketing or solicitation, should adopt a procedure whereby each customer, member, or donor is informed of the organization's practice in that respect, including a description of the selection criteria that might be used in selling, renting or exchanging lists, such as ZIP codes, interest, buying patterns, and level of activity, and, in addition, is given an opportunity to indicate to the organization that he does not wish to have his address, or name and address, made available for such purposes. Further, when a private sector organization is informed by one of its customers, members, or donors that he does not want his address, or name and address, made available to another person for use in direct mail marketing or solicitation, the organization should promptly take whatever steps are necessary to assure that the name and address is not so used, including notifying a multiple response compiler or a credit bureau to whom the name and address has been disclosed with the prospect that it may be used to screen or otherwise prepare lists of names and addresses for use in direct mail marketing or solicitation.
Recommendation 3
That each State review the direct mail marketing and solicitation uses that are made of State agency records about individuals and for those that are used for such purposes, direct the State agency maintaining them to devise a procedure whereby an individual can inform the agency that he does not want a record pertaining to himself to be used for such purposes and have that fact noted in the record in a manner that will assure that the individual's preference will be communicated to any user of the record for direct mail marketing or solicitation. Special attention should be paid to Department of Motor Vehicle records and the practices of agencies who prepare mailing lists for the express purpose of selling, renting or exchanging them with others.
THE INSURANCE RELATIONSHIP
The Commission recommends:
Recommendation 1
That governmental mechanisms should exist for individuals to question the propriety of information collected or used by insurance institutions, and to bring such objections to the appropriate bodies which establish public policy. Legislation specifically prohibiting the use, or collection and use, of a specific item of information may result; or an existing agency or regulatory body may be given authority, or use its currently delegated authority, to make such determination with respect to the reasonableness of future use, or collection and use, of a specific item of information.
Recommendation 2
That the Federal Fair Credit Reporting Act be amended to provide that no insurance institution or insurance support organization may attempt to obtain information about an individual through pretext interviews or other false or misleading representations that seek to conceal the actual purpose(s) of the inquiry or investigation, or the identity or representative capacity of the inquirer or investigator.
Recommendation 3
That the Federal Fair Credit Reporting Act be amended to provide that each insurance institution and insurance support organization must exercise reasonable care in the selection and use of insurance support organizations, so as to assure that the collection, maintenance, use, and disclosure practices of such organizations comply with the Commission's recommendations.
Recommendation 4
That each insurance institution and insurance support organization in order to maximize fairness in its decision making processes, have reasonable procedures to assure the accuracy, completeness, and timeliness of information it collects, maintains, or discloses about an individual.
Recommendation 5
That an insurance institution, prior to collecting information about an applicant or principal insured from another person in connection with an insurance transaction, notify him as to:
(a) the types of information expected to be collected about him from third parties and that are not collected on the application, and, as to information regarding character, general reputation, and mode of living, each area of inquiry;
(b) the techniques that may be used to collect such types of information;
(c) the types of sources that are expected to be asked to provide each type of information about him;
(d) the types of parties to whom and circumstances under which information about the individual may be disclosed without his authorization, and the types of information that may be disclosed;
(e) the procedures established by statute by which the individual may gain access to any resulting record about himself;
(f) the procedures whereby the individual may correct, amend, delete, or dispute any resulting record about himself;
(g) the fact that information in any report prepared by a consumer reporting agency (as defined by the Fair Credit Reporting Act) may be retained by that organization and subsequently disclosed by it to others.
Recommendation 6
That an insurance institution limit:
(a) its own information collection and disclosure practices to those specified in the notice called for in Recommendation 5; and
(b) its request to any organization it asks to collect information on its behalf to information, techniques, and sources specified in the notice called for in Recommendation 5.
Recommendation 7
That any insurance institution or insurance support organization clearly specify to an individual those items of inquiry desired for marketing, research, or other purposes not directly related to establishing the individual's eligibility for an insurance benefit or service being sought and which may be used for such purposes in individually identifiable form.
Recommendation 8
That no insurance institution or insurance support organization ask, require, or otherwise induce an individual, or someone authorized to act on his behalf, to sign any statement authorizing any individual or institution to disclose information about him, or about any other individual, unless the statement is:
(a) in plain language;
(b) dated;
(c) specific as to the individuals and institutions he is authorizing to disclose information about him who are known at the time the authorization is signed, and general as to others whose specific identity is not known at the time the authorization is signed;
(d) specific as to the nature of the information he is authorizing to be disclosed;
(e) specific as to the individuals or institutions to whom he is authorizing information to be disclosed;
(f) specific as to the purpose(s) for which the information may be used by any of the parties named in (e), both at the time of the disclosure and at any time in the future;
(g) specific as to its expiration date which should be for a reasonable period of time not to exceed one year, and in the case of life insurance or noncancelable or guaranteed renewable health insurance, two years after the date of the policy.
Recommendation 9
That the Federal Fair Credit Reporting Act be amended to provide that any insurance institution that may obtain an investigative report on an applicant or insured inform him that he may, upon request, be interviewed in connection with the preparation of the investigative report. The insurance institution and investigative agency must institute reasonable procedures to assure that such interviews are performed if requested. When an individual requests an interview and cannot reasonably be contacted, the obligation of the institution preparing the investigative report can be discharged by mailing a copy of the report, when prepared, to the individual.
Recommendation 10
That the Federal Fair Credit Reporting Act be amended to provide:
(a) That, upon request by an individual, an insurance institution or insurance support organization must:
(i) inform the individual, after verifying his identity, whether it has any recorded information pertaining to him; and
(ii) permit the individual to see and copy any such recorded information, either in person or by mail; or
(iii) apprise the individual of the nature and substance of any such recorded information by telephone; and
(iv) permit the individual to use one or the other of the methods of access provided in (a) (ii) and (iii), or both if he prefers.
The insurance institution or insurance support organization may charge a reasonable copying fee for any copies provided to the individual. Any such recorded information should be made available to the individual, but need not contain the name or other identifying particulars of any source (other than an institutional source) of information in the record who has provided such information on the condition that his identity not be revealed, and need not reveal a confidential numerical code.
(b) That notwithstanding part (a), with respect to medical record information maintained by an insurance institution or an insurance support organization, an individual has a right of access to that information, either directly or through a licensed medical professional designated by the individual, whichever the insurance institution or support organization prefers.
Recommendation 11
That the Federal Fair Credit Reporting Act be amended to provide that each insurance institution and insurance support organization permit an individual to request correction, amendment, or deletion of a record pertaining to him; and
(a) within a reasonable period of time:
(i) correct or amend (including supplement) any portion thereof which the individual reasonably believes is not accurate, timely, or complete; and
(ii) delete any portion thereof which is not within the scope of information the individual was originally told would be collected about him; and
(b) furnish the correction, amendment, or fact of deletion to any person or organization specifically designated by the individual who may have, within two years prior thereto, received any such information; and, automatically, to any insurance support organization whose primary source of information on individuals is insurance institutions when the support organization has systematically received any such information from the insurance institution within the preceding seven years, unless the support organization no longer maintains the information, in which case, furnishing the correction, amendment, or fact of deletion is not required; and automatically to any insurance support organization that furnished the information corrected, amended, or deleted; or
(c) inform the individual of its refusal to correct or amend the record in accordance with his request and of the reason(s) for the refusal; and
(i) permit an individual who disagrees with the refusal to correct or amend the record to have placed on or with the record a concise statement setting forth the reasons for his disagreement; and
(ii) in any subsequent disclosure outside the insurance institution or support organization containing information about which the individual has filed a statement of dispute, clearly note any portion of the record which is disputed, and provide a copy of the statement along with the information being disclosed; and
(iii) furnish the statement of dispute to any person or organization specifically designated by the individual who may have, within two years prior thereto, received any such information; and, automatically, to an insurance support organization whose primary source of information on individuals is insurance institutions when the support organization has received any such information from the insurance institution within the preceding seven years, unless the support organization no longer maintains the information, in which case, furnishing the statement is not required; and, automatically, to any insurance support organization that furnished the disputed information.
(d) limit its reinvestigation of disputed information to those record items in dispute.
Recommendation 12
That notwithstanding Recommendation (11) (a) (i), if an individual who is the subject of medical record information maintained by an insurance institution or insurance support organization requests correction or amendment of such information, the insurance institution or insurance support organization be required to:
(a) disclose to the individual or to a medical professional designated by him, the identity of the medical care provider who was the source of the medical record information; and
(b) make the correction or amendment requested within a reasonable period of time, if the medical care provider who was the source of the information agrees that it is inaccurate or incomplete; and
(c) establish a procedure whereby an individual who is the subject of medical record information maintained by an insurance institution or insurance support organization, and who believes that the information is incorrect or incomplete, would be provided an opportunity to present supplemental information of a limited nature for inclusion in the medical record information maintained by the insurance institution or support organization, provided that the source of the supplemental information is also included.
Recommendation 13
That the Federal Fair Credit Reporting Act be amended to provide that an insurance institution must:
(a) disclose in writing to an individual who is the subject of an adverse underwriting decision:
(i) the specific reason(s) for the adverse decision;
(ii) the specific item(s) of information that support(s) the reason(s) given pursuant to (a) (i), except that medical record information may be disclosed either directly or through a licensed medical professional designated by the individual, whichever the insurance institution prefers;
(iii) the name(s) and address(es) of the institutional source(s) of the item(s) given pursuant to (a) (ii); and
(iv) the individual's right to see and copy, upon request, all recorded information concerning the individual used to make the adverse decision, to the extent recorded information exists;
(b) permit the individual to see and copy, upon request, all recorded information pertaining to him used to make the adverse decision, to the extent recorded information exists, except that (i) such information need not contain the name or other identifying particulars of any source (other than an institutional source) who has provided such information on the condition that his or her identity not be revealed, and (ii) an individual may be permitted to see and copy medical record information either directly or through a licensed medical professional designated by the individual, whichever the insurance institution prefers. The insurance institution should be allowed to charge a reasonable copying fee for any copies provided to the individual;
(c) inform the individual of:
(i) the procedures whereby he can correct, amend, delete, or file a statement of dispute with respect to any information disclosed pursuant to (a) and (b); and
(ii) the individual's rights provided by the Fair Credit Reporting Act, when the decision is based in whole or in part on information obtained from a consumer reporting agency (as defined by the Fair Credit Reporting Act);
(d) establish reasonable procedures to assure the implementation of the above.
Recommendation 14
That no insurance institution or insurance support organization:
(a) make inquiry as to:
(i) any previous adverse underwriting decision on an individual, or
(ii) whether an individual has obtained insurance through the substandard (residual) insurance market,
unless the inquiry requests the reasons for such treatment; or
(b) make any adverse underwriting decision based, in whole or in part, on the mere fact of:
(i) a previous adverse underwriting decision, or
(ii) an individual having obtained insurance through the substandard (residual) market.
An insurance institution may, however, base an adverse underwriting decision on further information obtained from the source, including other insurance institutions.
Recommendation 15
That no insurance institution base an adverse underwriting decision, in whole or in part, on information about an individual it obtains from an insurance support organization whose primary source of information is insurance institutions or insurance support organizations; however, the insurance institution may base an adverse underwriting decision on further information obtained from the original source, including another insurance institution.
Recommendation 16
That Federal law be enacted to provide that no insurance institution or insurance support organization may disclose to another insurance institution or insurance support organization information pertaining to an individual's medical history, diagnosis, condition, treatment, or evaluation, even with the explicit authorization of the individual, unless the information was obtained directly from a medical care provider, the individual himself, his parent, spouse, or guardian.
Recommendation 17
That Federal law be enacted to provide that each insurance institution and insurance support organization be considered to owe a duty of confidentiality to any individual about whom it collects or receives information in connection with an insurance transaction, and that therefore, no insurance institution or support organization should disclose, or be required to disclose, in individually identifiable form, any information about any such individual without the individual's explicit authorization, unless the disclosure would be:
(a) to a physician for the purpose of informing the individual of a medical problem of which the individual may not be aware;
(b) from an insurance institution to a reinsurer or coinsurer, or to an agent or contractor of the insurance institution, including a sales person, independent claims adjuster, or insurance investigator, or to an insurance support organization whose sole source of information is insurance institutions, or to any other party in interest to the insurance transaction, provided:
(i) that only such information is disclosed as is necessary for such reinsurer, coinsurer, agent, contractor, insurance support organization, or other party in interest to perform its function with regard to the individual or the insurance transaction;
(ii) that such reinsurer, coinsurer, agent, contractor, insurance support organization or other party in interest is prohibited from redisclosing the information without the authorization of the individual except, in the case of insurance institutions and insurance support organizations, as otherwise provided in this recommendation; and
(iii) that the individual, if other than a third party claimant, is notified at least initially concurrent with the application that such disclosure may be made and can find out if in fact it has been made; and
(iv) that in no instance shall information pertaining to an individual's medical history, diagnosis, condition, treatment, or evaluation be disclosed, even with the explicit authorization of the individual, unless the information was obtained directly from a medical care provider, the individual himself, or his parent, spouse, or guardian;
(c) from an insurance support organization whose sole source of information is insurance institutions or self-insurers to an insurance institution or self-insurer, provided:
(i) that the sole function of the insurance support organization is the detection or prevention of insurance fraud in connection with claim settlements;
(ii) that, if disclosed to a self-insurer, the self-insurer assumes the same duty of confidentiality with regard to that information which is required of insurance institutions and insurance support organizations; and
(iii) that any insurance institution or self-insurer that receives information from any such insurance support organization is prohibited from using such information for other than claim purposes;
(d) to the insurance regulator of a State or its agent or contractor, for an insurance regulatory purpose statutorily authorized by the State;
(e) to a law enforcement authority:
(i) to protect the legal interest of the insurer, reinsurer, coinsurer, agent, contractor, or other party in interest to prevent and to prosecute the perpetration of fraud upon them; or
(ii) when the insurance institution or insurance support organization has a reasonable belief of illegal activities on the part of the individual;
(f) pursuant to a Federal, State, or local compulsory reporting statute or regulation;
(g) in response to a lawfully issued administrative summons or judicial order, including a search warrant or subpoena.
THE EMPLOYMENT RELATIONSHIP
The Commission recommends:
Recommendation 1
That an employer periodically and systematically examine its employment and personnel record keeping practices, including a review of:
(a) the number and types of records it maintains on individual employees, former employees, and applicants;
(b) the items of information contained in each type of employment record it maintains;
(c) the uses made of the items of information in each type of record;
(d) the uses made of such records within the employing organization;
(e) the disclosures made of such records to parties outside the employing organization; and
(f) the extent to which individual employees, former employees, and applicants are both aware and systematically informed of the uses and disclosures that are made of information in the records kept about them.
Recommendation 2
That an employer articulate, communicate, and implement fair information practice policies for employment records which should include:
(a) limiting the collection of information on individual employees, former employees, and applicants to that which is relevant to specific decisions;
(b) informing employees, applicants, and former employees who maintain a continuing relationship with the employer of the uses to be made of such information;
(c) informing employees as to the types of records that are being maintained on them;
(d) adopting reasonable procedures to assure the accuracy, timeliness, and completeness of information collected, maintained, used, or disclosed about individual employees, former employees, and applicants;
(e) permitting individual employees, former employees, and applicants to see, copy, correct, or amend the records maintained about them;
(f) limiting the internal use of records maintained on individual employees, former employees, and applicants;
(g) limiting external disclosures of information in records kept on individual employees, former employees, and applicants, including disclosures made without the employee's authorization in response to specific inquiries or requests to verify information about him; and
(h) providing for regular review of compliance with articulated fair information practice policies.
Recommendation 3
That Federal law be enacted or amended to forbid an employer from using the polygraph or other truth verification equipment to gather information from an applicant or employee.
Recommendation 4
That the Federal Fair Credit Reporting Act be amended to provide that no employer or investigative firm conducting an investigation for an employer for the purpose of collecting information to assist the employer in making a decision to hire, promote, or reassign an individual may attempt to obtain information about the individual through pretext interviews or other false or misleading representations that seek to conceal the actual purpose(s) of the inquiry or investigation, or the identity or representative capacity of the employer or investigator.
Recommendation 5
That the Federal Fair Credit Reporting Act be amended to provide that each employer and agent of an employer must exercise reasonable care in the selection and use of investigative organizations, so as to assure that the collection, maintenance, use, and disclosure practices of such organizations comply with the Commission's recommendations.
Recommendation 6
That except as specifically required by Federal or State statute or regulation, or by municipal ordinance or regulation, an employer should not seek or use a record of arrest pertaining to an individual applicant or employee.
Recommendation 7
That existing Federal and State statutes and regulations, and municipal ordinances and regulations, which require an employer to seek or use an arrest record pertaining to an individual applicant or employee be amended so as not to require that an arrest record be sought or used if it is more than one year old and has not resulted in a disposition; and that all subsequently enacted statutes, regulations, and ordinances incorporate this same limitation.
Recommendation 8
That legislative bodies review their licensing requirements and amend any statutes, regulations, or ordinances to assure that unless arrest records for designated offenses are specifically required by statute, regulation, or ordinance, they will not be collected by administrative bodies which decide on an individual's qualifications for occupational licensing.
Recommendation 9
That the Law Enforcement Assistance Administration study or, by its grant or contract authority, designate others to study, alternative approaches to establishing within State and local criminal justice information systems the capacity to limit disclosures of arrest information to employers to that which they are lawfully required to obtain, and to improve the system's capacity to maintain accurate and timely information regarding the status of arrests and dispositions.
Recommendation 10
That when an arrest record is lawfully sought or used by an employer to make a specific decision about an applicant or employee, the employer should not maintain the record for a period longer than specifically required by law, if any, or unless there is an outstanding indictment.
Recommendation 11
That unless otherwise required by law, an employer should seek or use a conviction record pertaining to an individual applicant or employee only when the record is directly relevant to a specific employment decision affecting the individual.
Recommendation 12
That where conviction information is collected, it should be maintained separately from other individually identifiable employment records so that it will not be available to persons who have no need for it.
Recommendation 13
That Congress direct the Department of Defense to reassess the extent to which the current military discharge system and the administrative codes on military discharge records have needless discriminatory consequences for the individual in civilian employment and should, therefore, be modified. The reassessment should pay particular attention to the separation program number (SPN) codes administratively assigned to discharges so as to determine how better to limit their use and dissemination, and should include a determination as to the feasibility of:
(a) issuing new DD214 forms to all dischargees whose forms currently include SPN numbers;
(b) restricting the use of SPN codes to the Department of Defense and the Veterans Administration, for designated purposes only; and
(c) prohibiting the disclosure of codes and the narrative descriptions supporting them to an employer, even where such disclosure is authorized by the dischargee.
Recommendation 14
That the Federal Fair Credit Reporting Act be amended to provide that an employer, prior to collecting, or hiring others to collect, from sources outside of the employing organization the type of information generally collected in making a consumer report or consumer investigative report (as defined by the Fair Credit Reporting Act) about an applicant, employee, or other individual in connection with an employment decision, notify the applicant, employee, or other individual as to:
(a) the types of information expected to be collected about him from third parties that are not collected on an application, and, as to information regarding character, general reputation, and mode of living, each area of inquiry;
(b) the techniques that may be used to collect such types of information;
(c) the types of sources that are expected to be asked to provide each type of information;
(d) the types of parties to whom and circumstances under which information about the individual may be disclosed without his authorization, and the types of information that may be disclosed;
(e) the procedures established by statute by which the individual may gain access to any resulting record about himself;
(f) the procedures whereby the individual may correct, amend, or dispute any resulting record about himself; and
(g) the fact that information in any report prepared by a consumer reporting agency (as defined by the Fair Credit Reporting Act) may be retained by that organization and subsequently disclosed by it to others.
Recommendation 15
That the Fair Credit Reporting Act be amended to provide that an employer limit:
(a) its own information collection and disclosure practices to those specified in the notice called for in Recommendation 14; and
(b) its request to any organization it asks to collect information on its behalf to information, techniques, and sources specified in the notice called for in Recommendation 14.
Recommendation 16
That no employer or consumer reporting agency (as defined by the Fair Credit Reporting Act) acting on behalf of an employer ask, require, or otherwise induce an applicant or employee to sign any statement authorizing any individual or institution to disclose information about him, or about any other individual, unless the statement is:
(a) in plain language;
(b) dated;
(c) specific as to the individuals and institutions he is authorizing to disclose information about him who are known at the time the authorization is signed, and general as to others whose specific identity is not known at the time the authorization is signed;
(d) specific as to the nature of the information he is authorizing to be disclosed;
(e) specific as to the individuals or institutions to whom he is authorizing information to be disclosed;
(f) specific as to the purpose(s) for which the information may be used by any of the parties named in (e) at the time of the disclosure; and
(g) specific as to its expiration date which should be for a reasonable period of time not to exceed one year.
Recommendation 17
That as a matter of policy an employer should:
(a) designate clearly:
(i) those records about an employee, former employee, or applicant for employment (including any individual who is being considered for employment but who has not formally applied) which the employer will allow such employee, former employee, or applicant to see and copy on request; and
(ii) those records about an employee, former employee, or applicant which the employer will not make available to the employee, former employee, or applicant, except that an employer should not designate as an unavailable record any recorded evaluation it makes of an individual's employment performance, any medical record or insurance record it keeps about an individual, or any record about an individual that it obtains from a consumer reporting agency (as defined by the Fair Credit Reporting Act), or otherwise creates about an individual in the course of an investigation related to an employment decision not involving suspicion of wrongdoing;
(b) assure that its employees are informed as to which records are included in categories (a) (i) and (ii) above; and
(c) upon request by an individual applicant, employee, or former employee:
(i) inform the individual, after verifying his identity, whether it has any recorded information pertaining to him that is designated as records he may see and copy; and
(ii) permit the individual to see and copy any such record(s), either in person or by mail; or
(iii) apprise the individual of the nature and substance of any such record(s) by telephone; and
(iv) permit the individual to use one or the other of the methods of access provided in (c) (ii) and (iii), or both if he prefers, except that the employer could refuse to permit the individual to see and copy any record it has designated as an unavailable record pursuant to (a) (ii), above.
Recommendation 18
That the Fair Credit Reporting Act be amended to provide:
(a) that an applicant or employee shall have a right to:
(i) see and copy information in an investigative report maintained either by a consumer reporting agency (as defined by the Fair Credit Reporting Act) or by the employer that requested it; and
(ii) correct, amend (including supplement), or dispute in writing, any information in an investigative report maintained either by a consumer reporting agency (as defined by the Fair Credit Reporting Act) or by the employer that requested it;
(b) that an employer must automatically inform a consumer reporting agency (as defined by the Fair Credit Reporting Act) of any correction or amendment of information made in an investigative report at the request of the individual, or any other dispute statement made in writing by the individual; and
(c) that an employer must provide an applicant or employee on whom an investigative report is made with a copy of that report at the time it is made by or given to the employer.
Recommendation 19
That, upon request, an individual who is the subject of a medical record maintained by an employer, or another responsible person designated by the individual, be allowed to have access to that medical record, including an opportunity to see and copy it. The employer should be able to charge a reasonable fee (not to exceed the amount charged to third parties) for preparing and copying the record.
Recommendation 20
That, upon request, an individual who is the subject of medical record information maintained by an employer be allowed to have access to that information either directly or through a licensed medical professional designated by the individual.
Recommendation 21
That an employer that acts as a provider or administrator of an insurance plan, upon request by an applicant, employee, or former employee should:
(a) inform the individual, after verifying his identity, whether it has any recorded information about him that pertains to the employer's insurance relationship with him;
(b) permit the individual to see and copy any such recorded information, either in person or by mail; or
(c) apprise the individual of the nature and substance of any such recorded information by telephone; and
(d) permit the individual to use whichever of the methods of access provided in (b) and (c) he prefers.
The employer should be able to charge a reasonable copying fee for any copies provided to the individual. Any such recorded information should be made available to the individual, but need not contain the name or other identifying particulars of any source (other than an institutional source) of information in the record who has provided such information on the condition that his or her identity not be revealed, and need not reveal a confidential numerical code.
Recommendation 22
That, except for a medical record or an insurance record, or any record designated by an employer as an unavailable record, an employer should voluntarily permit an individual employee, former employee, or applicant to request correction or amendment of a record pertaining to him; and
(a) within a reasonable period of time correct or amend (including supplement) any portion thereof which the individual reasonably believes is not accurate, timely, or complete; and
(b) furnish the correction or amendment to any person or organization specifically designated by the individual who may have, within two years prior thereto, received any such information; and, automatically, to any consumer reporting agency (as defined by the Fair Credit Reporting Act) that furnished the information corrected or amended; or
(c) inform the individual of its refusal to correct or amend the record in accordance with his request and of the reason(s) for the refusal; and
(i) permit an individual who disagrees with the refusal to correct or amend the record to have placed on or with the record a concise statement setting forth the reasons for his disagreement;
(ii) in any subsequent disclosure outside the employing organization containing information about which the individual has filed a statement of dispute, clearly note any portion of the record which is disputed, and provide a copy of the statement along with the information being disclosed; and
(iii) furnish the statement to any person or organization specifically designated by the individual who may have, within two years prior thereto, received any such information; and, automatically, to any consumer reporting agency (as defined by the Fair Credit Reporting Act) that furnished the disputed information; and
(d) limit its reinvestigation of disputed information to those record items in dispute.
Recommendation 23
That an employer establish a procedure whereby an individual who is the subject of a medical record maintained by the employer can request correction or amendment of the record. When the individual requests correction or amendment, the employer should, within a reasonable period of time, either:
(a) make the correction or amendment requested, or
(b) inform the individual of its refusal to do so, the reason for the refusal, and of the procedure, if any, for further review of the refusal.
In addition, if the employer decides that it will not correct or amend a record in accordance with the individual's request, the employer should permit the individual to file a concise statement of the reasons for the disagreement, and in any subsequent disclosure of the disputed information include a notation that the information is disputed and the statement of disagreement. In any such disclosure, the employer may also include a statement of the reasons for not making the requested correction or amendment.
Finally, when an employer corrects or amends a record pursuant to an individual's request, or accepts a notation of dispute and statement of disagreement, it should furnish the correction, amendment, or statement of disagreement to any person specifically designated by the individual to whom the employer has previously disclosed the inaccurate, incomplete, or disputed information.
Recommendation 24
That notwithstanding Recommendation (22), when an individual who is the subject of medical record information maintained by an employer requests correction or amendment of such information, the employer should:
(a) disclose to the individual, or to a medical professional designated by him, the identity of the medical care provider who was the source of the medical record information;
(b) make the correction or amendment requested within a reasonable period of time, if the medical care provider who was the source of the information agrees that it is inaccurate or incomplete; and
(c) establish a procedure whereby an individual who is the subject of medical record information maintained by an employer, and who believes that the information is incorrect or incomplete, would be provided an opportunity to present supplemental information of a limited nature for inclusion in the medical record information maintained by the employer, provided that the source of the supplemental information is also included.
Recommendation 25
That when an employer acts as a provider or administrator of an insurance plan, the employer should:
(a) permit an individual to request correction or amendment of a record pertaining to him;
(b) within a reasonable period of time, correct or amend (including supplement) any portion thereof which the individual reasonably;
(c) furnish the correction or amendment to any person or organization specifically designated by the individual who may have, within two years prior thereto, received any such information; and, automatically, to any insurance support organization whose primary source of information on individuals is insurance institutions when the support organization has systematically received any such information from the employer within the preceding seven years, unless the support organization no longer maintains the information, in which case, furnishing the correction or amendment would not be necessary; and, automatically, to any insurance support organization that furnished the information corrected or amended; or
(d) inform the individual of its refusal to correct or amend the record in accordance with his request and of the reason(s) for the refusal; and
(i) permit an individual who disagrees with the refusal to correct or amend the record to have placed on or with the record a concise statement setting forth the reasons for his disagreement;
(ii) in any subsequent disclosure outside the employing organization containing information about which the individual has filed a statement of dispute, clearly note any portion of the record which is disputed and provide a copy of the statement along with the information being disclosed; and
(iii) furnish the statement to any person or organization specifically designated by the individual who may have, within two years prior thereto, received any such information; and, automatically, to an insurance support organization whose primary source of information on individuals is insurance institutions when the support organization has received any such information from the employer within the preceding seven years, unless the support organization no longer maintains the information, in which case, furnishing the statement would not be necessary; and, automatically, to any insurance support organization that furnished the disputed information; and
(e) limit its reinvestigation of disputed information to those record items in dispute.
Recommendation 26
That an employer assure that the personnel and payroll records it maintains are available internally only to authorized users and on a need-to-know basis.
Recommendation 27
That an employer:
(a) maintain security records apart from other records; and
(b) inform an employee whenever information from a security record is transferred to his personnel record.
Recommendation 28
That an employer that maintains an employment related medical record about an individual assure that no diagnostic or treatment information in any such record is made available for use in any employment decision; and
Recommendation 29
That an employer that provides a voluntary health care program for its employees assure that any medical record generated by the program is maintained apart from any employment related medical record and not used by any physician in advising on any employment related decision or in making any employment related decision without the express authorization of the individual to whom the record pertains.
Recommendation 30
That an employer that provides life or health insurance as a service to its employees assure that individually identifiable insurance records are maintained separately from other records and not available for use in making employment decisions; and further
Recommendation 31
That an employer that provides work related insurance for employees, such as worker's compensation, voluntary sick pay, or short or long term disability insurance, assure that individually identifiable records pertaining to such insurance are available internally only to authorized recipients and on a need-to-know basis.
Recommendation 32
That an employer clearly inform all its applicants upon request, and all employees automatically, of the types of disclosures it may make of information in the records it maintains on them, including disclosures of directory information, and of its procedures for involving the individual in particular disclosures.
Recommendation 33
That each employer be considered to owe a duty of confidentiality to any individual employee, former employee, or applicant about whom it collects information; and that, therefore, no employer or consumer reporting agency (as defined by the Fair Credit Reporting Act) which collects information about an applicant or employee on behalf of an employer should disclose, or be required to disclose, in individually identifiable form, any information about any individual applicant, employee, or former employee, without the explicit authorization of such individual, unless the disclosure would be:
(a) in response to a request to provide or verify information designated by the employer as directory information, which should not include more than:
(i) the fact of past or present employment;
(ii) dates of employment;
(iii) title or position;
(iv) wage or salary; and
(v) location of job site;
(b) an individual's dates of attendance at work and home address in response to a request by a properly identified law enforcement authority;
(c) a voluntary disclosure to protect the legal interests of that employer when the employer believes the actions of the applicant, employee, or former employee violate the conditions of employment or otherwise threaten physical injury to the property of the employer or to the person of the employer or any of his employees;
(d) to a law enforcement authority when the employer reasonably believes that an applicant, employee, or former employee has been engaged in illegal activities;
(e) pursuant to a Federal, State, or local compulsory reporting statute or regulation;
(f) to a collective bargaining unit pursuant to a collective bargaining contract;
(g) to an agent or contractor of the employer, provided:
(i) that only such information is disclosed as is necessary for such agent or contractor to perform its function for the employer;
(ii) that the agent or contractor is prohibited from redisclosing the information; and
(iii) that the individual is notified that such disclosure may be made and can find out if in fact it has been made;
(h) to a physician for the purpose of informing the individual of a medical problem of which he may not be aware; and
(i) in response to a lawfully issued administrative summons or judicial order, including a search warrant or subpoena.
Recommendation 34
That Congress direct the Department of Labor to review the extent to which medical records made to protect individuals exposed to hazardous environments or substances in the workplace are or may come to be used to discriminate against them in employment. This review should include an examination of the feasibility of:
(a) restricting the availability of records generated by medical examinations and tests conducted in accordance with OSHA requirements for use in making employment decisions; and
(b) establishing mechanisms to protect employees whose health has been affected by exposure to hazardous environments or substances from the economic consequences of employers' decisions concerning their employability.
RECORD KEEPING IN THE MEDICAL CARE RELATIONSHIP
The Commission recommends:
Recommendation 1
That the Congress, through amendment of the Social Security Act, authorize the Secretary of Health, Education, and Welfare to promulgate regulations requiring:
(a) that medical care providers whose services are paid for directly or indirectly under Titles XVIII and XIX of the Social Security Act develop specific procedures for implementing Commission Recommendations (5), (7), (9), (10), (11), (12), (13), (14);
(b) that such providers be required to show evidence of compliance with these recommendations as a condition of participation in the Medicare and Medicaid programs; and
(c) that all records of surveys of compliance with the procedures developed pursuant to the Commission's recommendations be a matter of public record and open to public inspection, provided, however, that the names or other identifying particulars of patients are deleted prior to public release.
Recommendation 2
That each State enact a statute creating individual rights of access to, and correction of, medical records, and an enforceable expectation of confidentiality for medical records consistent with Commission recommendations in these areas.
Recommendation 3
That any medical care provider not subject to either of the Commission's two general recommendations on implementation voluntarily establish procedures to comply with the specific recommendations set forth below.
Recommendation 4
That Federal and State penal codes be amended to make it a criminal offense for any individual knowingly to request or obtain medical record information from a medical care provider under false pretenses or through deception.
Recommendation 5
That upon request, an individual who is the subject of a medical record maintained by a medical care provider, or another responsible person designated by the individual, be allowed to have access to that medical record, including an opportunity to see and copy it. The medical care provider should be able to charge a reasonable fee (not to exceed the amount charged to third parties) for preparing and copying the record.
Recommendation 6
That upon request, an individual who is the subject of medical record information maintained by an organization which is not a medical care provider be allowed to have access to that information either directly or through a licensed medical care professional designated by him.
Recommendation 7
That each medical care provider have a procedure whereby an individual who is the subject of a medical record it maintains can request correction or amendment of the record. When the individual requests correction or amendment, the medical care provider must, within a reasonable period of time, either:
(a) make the correction or amendment requested; or
(b) inform the individual of its refusal to do so, the reason for the refusal, and of the procedure, if any, for further review of the refusal.
In addition, if the medical care provider refuses to correct or amend a record in accordance with the individual's request, the provider must permit the individual to file a concise statement of the reasons for the disagreement, and in any subsequent disclosure of the disputed information include a notation that the information is disputed and furnish the statement of disagreement. In any such disclosure, the provider may also include a statement of the reasons for not making the requested correction or amendment.
Finally, when a medical care provider corrects or amends a record pursuant to an individual's request, or accepts a notation of dispute and statement of disagreement, it should be required to furnish the correction, amendment, or statement of disagreement to any person specifically designated by the individual to whom the medical care provider has previously disclosed the inaccurate, incomplete, or disputed information.
Recommendation 8
That when an individual who is the subject of medical record information maintained by an organization whose relationship to the individual is not that of a medical care provider requests correction or amendment of such information, the organization should disclose to the individual, or to a medical care professional designated by him, the identity of the medical care provider who was the source of the information; and further,
That if the medical care provider who was the source of the information agrees that it is inaccurate or incomplete, the organization maintaining it should promptly make the correction or amendment requested.
In addition, a procedure should be established whereby an individual who is the subject of medical record information maintained by an organization whose relationship to him is not that of a medical care provider, and who believes that the information is incorrect or incomplete, would be provided an opportunity to present supplemental information, of a limited nature, for inclusion in the organization's record, provided that the source of the supplemental information is also included in the record.
Recommendation 9
That each medical care provider be required to take affirmative measures to assure that the medical records it maintains are made available only to authorized recipients and on a "need-to-know" basis.
Recommendation 10
That each medical care provider be considered to owe a duty of confidentiality to any individual who is the subject of a medical record it maintains, and that, therefore, no medical care provider should disclose, or be required to disclose, in individually identifiable form, any information about any such individual without the individual's explicit authorization, unless the disclosures would be:
(a) to another medical care provider who is being consulted in connection with the treatment of the individual by the medical care provider;
(b) to a properly identified recipient pursuant to a showing of compelling circumstances affecting the health and safety of an individual provided that:
(i) an accounting of any such disclosure is kept; and
(ii) the individual who is the subject of the information disclosed can find out that the disclosure has been made and to whom it has been made;
(c) for use in conducting a biomedical or epidemiological research project, provided that the medical care provider maintaining the medical record:
(i) determines that such use or disclosure does not violate any limitations under which the record or information was collected;
(ii) ascertains that use or disclosure in individually identifiable form is necessary to accomplish the research or statistical purpose for which use or disclosure is to be made;
(iii) determines that the importance of the research or statistical purpose for which any use or disclosure is to be made is such as to warrant the risk to the individual from additional exposure of the record or information contained therein;
(iv) requires that adequate safeguards to protect the record or information from unauthorized disclosure be established and maintained by the user or recipient, including a program for removal or destruction of identifiers; and
(v) consents in writing before any further use or redisclosure of the record or information in individually identifiable form is permitted;
(d) for an audit or evaluation purpose specifically required by law, provided that an accounting of such disclosures is kept and the individual who is the subject of the information being disclosed can find out that the disclosure has been made and to whom;
(e) for an audit or evaluation purpose not specifically required by law, provided that:
(i) any further use or redisclosure of the information in individually identifiable form is prohibited;
(ii) adequate safeguards to protect the medical record information from unauthorized disclosure are established by the user or recipient including a program for removal or destruction of identifiers;
(iii) an accounting of such disclosures is kept and the individual who is the subject of the information being disclosed can find out that the disclosure has been made and to whom;
(f) pursuant to a statute that requires the medical care provider to report specific diagnoses to a public health authority, and the individual is notified of each such disclosure;
(g) pursuant to a statute that requires the medical care provider to report specified items of information about the individual to a law enforcement authority, and the individual is notified of each such disclosure;
(h) limited to location and status information (such as room number, dates of hospitalization, and general condition) provided that:
(i) the patient or his authorized representative does not object to the disclosure; and
(ii) such disclosure is limited to items specified in the general notice to the individual called for in Recommendation (12); or
(i) pursuant to a lawful judicial summons or subpoena consistent with the recommendations of the Commission on government access.
Recommendation 11
That any disclosure of medical record information by a medical care provider, with or without the authorization of the individual to whom it pertains, be limited only to information necessary to accomplish the purpose for which the disclosure is made.
Recommendation 12
That each medical care provider be required to notify an individual on whom it maintains a medical record of the disclosures that may be made of information in the record without the individual's express authorization.
Recommendation 13
That whenever an individual's authorization is required before a medical care provider may disclose information it collects or maintains about him, the medical care provider should not accept as valid any authorization which is not:
(a) in writing;
(b) signed by the individual on a date specified or by someone authorized in fact to act in his behalf;
(c) clear as to the fact that the medical care provider is among those either specifically named or generally designated by the individual as being authorized to disclose information about him;
(d) specific as to the nature of the information the individual is authorizing to be disclosed;
(e) specific as to the institutions or other persons to whom the individual is authorizing information to be disclosed;
(f) specific as to the purpose(s) for which the information may be used by any of the parties named in (e) both at the time of the disclosure and at any time in the future;
(g) specific as to its expiration date, which should be for a reasonable period of time not to exceed one year, except where an authorization is presented in connection with a life or noncancellable or guaranteed renewable health insurance policy, in which case the expiration date should not exceed two years from the date the authorization was signed.
Recommendation 14
That each time a medical care provider discloses information about an individual pursuant to a valid authorization, it be required to retain a copy of the authorization and, for the purpose of Recommendation (5) on patient access, treat it as part of the record(s) from which the disclosure was made.
GOVERNMENT ACCESS TO PERSONAL RECORDS AND "PRIVATE PAPERS"
The Commission recommends:
Recommendation 1
That Congress provide an individual by statute with an expectation of confidentiality in a record identifiable to him maintained by a private sector record keeper in its provision of financial services, medical care, insurance, or telecommunications services, which statute should specifically require that the individual, in defense against compelled production of such a record pursuant to any administrative, judicial, or legislative summons, subpoena, or similar order be permitted—
(a) to challenge the relevance and scope of the summons, subpoena, or order and to require from the government clear proof of the reasonable relationship of the record sought to the investigation, prosecution, or civil action in furtherance of which the summons, subpoena, or order was issued before a court may order disclosure of the record; and
(b) to assert in protection of the record the protections for private papers and effects articulated in the Fourth Amendment, and the due process protections articulated in the Fifth Amendment, to the Constitution of the United States.
Recommendation 2
That any request for an individually identifiable record made to a private sector record keeper or agency of another government jurisdiction by a government agency or its agents be made only through recognized legal process, such as an administrative summons or judicial subpoena, unless the request is made with the consent of the individual to whom the record pertains.
Recommendation 3
That Congress provide by statute that an administrative summons (or other form of compulsory legal process) issued by an administrator or executive authority of government to a private sector record keeper in order to inspect or obtain an individually identifiable record shall be issued only
(a) for the inspection of a record required to be maintained pursuant to a statute or regulation, or
(b) for the investigation of violations of law where the evidence obtained by such administrative summons (or other form of compulsory process) will be used only for administrative action, civil enforcement, or criminal prosecution directly related to the statutory purposes for which such summons power was granted, except, where evidence of unrelated criminal activity is uncovered, the existence of such activity may be reported to a proper investigating authority who may then proceed to obtain such information from the record keeper pursuant to whatever legal processes are at its command; and
(c) where a copy of the administrative summons is served by the administrative or executive authority of government upon an individual who (i) is, or is likely to become, the subject of investigation or enforcement proceedings, and (ii) is the subject of the record to be produced,
(d) where the issuance of such a summons may only be made by officials of the issuing agency who are not field agents and who exercise supervisory authority and responsibility over the agents who will serve the summons, and
(e) where an individual identified in the record and subject to notification under (c) above has standing to assert protections for those records in which he has an expectation of confidentiality as defined in Recommendation (1) above or any other defense provided by common law or statute;
except that,
(f) an administrative summons may be issued without service upon the individual where the government shows to a court that service would:
(i) pose a reasonable possibility that the record sought will be destroyed, or an attempt to destroy it will be made, by the record subject upon whom service of the summons is required; or
(ii) pose a reasonable possibility that other evidence would be destroyed or become unavailable to government, jeopardizing the investigation; or
(iii) cause flight from prosecution by the individual upon whom service of the summons is required; or
(iv) endanger the life or physical safety of any person;
provided that, before issuance of such a summons, the government must show the reasonable relationship of the record sought to the investigation in furtherance of which the summons is to be issued. Within a reasonable period of time after issuance of a summons without notice, the government must notify the subject of the record of the seizure. This provision ((f)) would not, however, apply to a record in which an individual has a legitimate expectation of confidentiality recognized by statute or common law.
Recommendation 4
That Congress provide by statute that a subpoena or other method of judicial summons, issued after indictment or information or after the filing of a complaint or other initial pleading, issued to a private sector record keeper—
(a) in order to obtain an individually identifiable record and
(b) where the record subject is, or is likely to become, a target of the investigation, a named party to the litigation, or otherwise publicly implicated in the proceedings, may be issued only where:
(i) service of the summons or subpoena is made upon both the individual identified in the record and the record keeper,
(ii) the individual has standing to contest the summons or subpoena and to halt production of the record until his claims are litigated, and
(iii) the individual is able to assert in protection of the record the defense provided by any legal expectation of confidentiality or other defense provided by common law or statute.
Recommendation 5
That Congress provide by statute that a record obtained pursuant to a Grand Jury subpoena:
(a) shall be returned and actually presented to the Grand Jury under whose authority the subpoena was issued;
(b) shall be employed only for the purposes of prosecuting a crime for which an indictment or presentment was issued by the Grand Jury sitting at the time the record was obtained;
(c) shall be destroyed or returned to the record keeper if it was not used in the prosecution of a crime for which the Grand Jury issued an indictment or presentment or if it has not been made part of the official records of the Grand Jury maintained under the seal;
(d) shall not be maintained, or its contents described in any record maintained, apart from the sealed records of the Grand Jury by any agency or officer, employee, or agent of such agency of government; and
(e) the information contained in such record shall be protected by stringent penalties for improper disclosure or maintenance, including penalties to be enforced by criminal prosecution (or the exercise of judicial contempt power).
Recommendation 6
That Congress provide by statute that a Grand Jury subpoena duces tecum (or other Grand Jury subpoena to acquire the contents of documentary evidence, whether by testimony or otherwise) issued
(a) to obtain an individually identifiable record,
(b) where a legally protectable expectation of confidentiality exists, such as the expectation recommended by the Commission for records of a credit grantor, depository institution, insurance institution, or health care provider, and
(c) where the record subject is, or is likely to become, a target of the investigation, named in an indictment or presentment, or otherwise publicly implicated in the proceedings, may be issued only where
(i) service of the subpoena is made upon both the individual identified in the record and the record keeper,
(ii) the individual has standing to contest the subpoena and to halt the production of the record until his claims are litigated, and
(iii) the individual is able to assert in protection of the record the defenses provided by any legal expectation of confidentiality or other defense provided by common law or statute.
Recommendation 7
(a) That where a private sector record keeper is required to report information about an individual to an agency or authority of government, the scope of such reporting should be limited by Congress such that:
(i) each reporting requirement is expressly authorized in statute;
(ii) each statutory provision clearly identifies the policies and purposes which justify the reporting it authorizes;
(iii) each statutory provision details standards of relevance which must be met before the information must be reported;
(iv) no information is reported in individually identifiable form unless such reporting is essential to accomplish the statutory policies and purposes which justify the reporting; and
(v) where individual identity is not reported by the record keeper, yet at some point such identification may be necessary to ensure compliance with law, identifiable records be maintained by the record keeper only for inspection by authorized agents of the government upon presentation of a lawful summons or subpoena;
(b) that inspection by a government agency of records maintained pursuant to statute or regulation in individually identifiable form by a private sector record keeper be permitted to occur
(i) only upon presentation and delivery of a copy of an administrative summons, provided that
(ii) the summons identifies the particular records and items of information to be made available for inspection by the agency;
(c) that a private sector record keeper be required to notify an individual when he enters into a relationship with the record keeper that information concerning the relationship
(i) will be reported to agencies and authorities of government pursuant to statute or regulation, or
(ii) may be open to inspection by agencies and authorities of government;
(d) that individually identifiable information obtained by government through reporting or inspection required by statute or regulation should be unavailable for civil or criminal prosecution of violations of law not directly related to the statutorily identified purposes which justify the reporting or inspection;
(e) that an individually identifiable record required to be maintained by a private sector record keeper pursuant to statute or regulation may be destroyed by the record keeper at any time after the statute of limitations expires for the specific violation justifying the reporting or maintenance of such record; and
(f) that an individually identifiable record collected by a government agency from information reported or maintained by a private sector record keeper pursuant to statute or regulation be destroyed by the government agency at the time the statute of limitations expires for the specific violation justifying the reporting or maintenance of such record.
RECORD KEEPING IN THE EDUCATION RELATIONSHIP
The Commission recommends:
Recommendation 1
That the Family Educational Rights and Privacy Act be amended to require an educational agency or institution to formulate, adopt, and promulgate an affirmative policy to implement FERPA requirements, as well as the additional requirements recommended by the Commission.
Recommendation 2
That the Family Educational Rights and Privacy Act be amended to require an educational agency or institution to include in its institutional policy to implement FERPA reasonable procedures to protect against unwarranted intrusiveness and against unfairness in its education record keeping practices including:
(a) reasonable procedures to prevent the collection and maintenance of inaccurate, misleading, or otherwise inappropriate educational records;
(b) procedures that provide a student or parent a reasonable opportunity for reconsideration of an administrative decision regarding the student that is based in whole or in part on an education record about the student that has been corrected or amended as a result of rights exercised under FERPA subsequent to the decision; and
(c) procedures to assure that except as specifically required by law, no survey or data collection activity will be conducted, assisted, or authorized by an educational agency or institution unless:
(i) the proposal for such an activity has been reviewed and approved by the educational agency or institution, and not a component thereof, to eliminate unwarranted intrusion on the privacy of students or their families; and
(ii) parents of affected students have been notified of such activity, provided a reasonable opportunity to review the collection materials, and allowed to refuse participation in such activity by their children or families.
Recommendation 3
That the Family Educational Rights and Privacy Act be amended to broaden the definition of an "educational agency or institution" to include organizations that provide testing or data assembly services under contract to educational agencies or institutions or consortiums thereof, except that such organizations should not be subject to Section (b) (3) of the Act which requires educational institutions to permit access by Federal auditors to educational records without the consent of the student or his parent.
Recommendation 4
That the Family Education Rights and Privacy Act be amended to:
(a) broaden the definition of "student" to include an applicant for student status;
(b) make all provisions of FERPA applicable to education records pertaining directly to an applicant; and
(c) require that records created about an unsuccessful applicant be maintained by an educational agency or institution for 18 months from the close of the application process, after which time they must be destroyed.
Recommendation 5
That the Family Educational Rights and Privacy Act be amended to provide that the right of a student or his parent to inspect and review letters and statements of recommendation not be subject to waiver by the student or his parent, provided further, however, that letters and statements of recommendation solicited with a written assurance of confidentiality, or sent and retained with a documented understanding of confidentiality prior to the effective date of the statutory change not be subject to inspection and review by students or parents.
Recommendation 6
That the Family Educational Rights and Privacy Act be amended to require an educational agency or institution that conducts instructional programs to provide for parent or student participation in the establishment and review of its policies and practices implementing FERPA; and further
Recommendation 7
That the Family Educational Rights and Privacy Act be amended to require an educational agency or institution that conducts instructional programs to have procedures whereby parents or students may challenge its policies or practices implementing FERPA.
Recommendation 8
That the Family Educational Rights and Privacy Act be amended to require that an educational agency or institution establish, promulgate, and enforce administrative sanctions for violations of its policy implementing FERPA. Such sanctions should be levied upon chief executive officers of educational agencies and components thereof who are negligent in pursuit of institutional compliance as well as upon employees who violate provisions of such policy.
Recommendation 9
That the Family Educational Rights and Privacy Act be amended to provide that all or any portion of DHEW funds earmarked for education purposes may be withheld from an educational agency or institution when its policy does not comply with FERPA requirements or when evidence of systematic failure on its part to implement its policy is presented to the Department of Health, Education, and Welfare. Such withholding of funds should only be imposed if the Secretary has determined that compliance cannot be secured through voluntary means or that systematic failures to implement policy have previously been brought to the attention of the educational agency or institution and it has not taken sufficient steps to correct such failures. The amount withheld should be appropriate to the nature of the violation, and should provide incentives for future compliance.
Recommendation 10
That the Family Educational Rights and Privacy Act be amended to permit an individual (in the case of a minor, his parents or guardian) to commence a civil action on his behalf to seek injunctive relief against an educational agency or institution that fails to provide him with a right granted him by FERPA. The district courts should have jurisdiction, without regard to the amount in controversy or the citizenship of the parties, to order an educational agency or institution to perform such act or duty as may be required by FERPA and to grant costs of the litigation, including reasonable attorney's fees.
Recommendation 11
That the Family Educational Rights and Privacy Act be amended to make it permissible for records of instructional, supervisory, and administrative personnel of an educational agency or institution, and educational personnel ancillary thereto, which records are in the sole possession of the maker thereof, to be disclosed to any school official who has been determined by the agency or institution to have legitimate educational interests in the records, without being subject to the access provision of FERPA, provided, however:
(a) that such records are incorporated into education records of the agency or institution or destroyed after each regular academic reporting period;
(b) that such records are made available for inspection and review by a student or parent if they are used or reviewed in making any administration decision affecting the student; and
(c) that all such records of administrative officers with disciplinary responsibilities are made available to parents or students when any disciplinary decision is made by that officer.
Recommendation 12
That the Family Educational Rights and Privacy Act be amended to provide that insofar as directory information is concerned, a student or parent may only require that address and phone number not be published without his consent or that it only be disclosed to persons who have established to the satisfaction of the institution a legitimate need to know.
Recommendation 13
That the Family Educational Rights and Privacy Act be amended to permit an educational agency or institution to use or disclose an education record or information contained therein in individually identifiable form for a research or statistical purpose without parent or student consent, provided that the agency or institution:
(a) determines that such use or disclosure in individually identifiable form does not violate any conditions under which the information was collected;
(b) ascertains that such use or disclosure in individually identifiable form is necessary to accomplish the research or statistical purpose for which the use or disclosure is to be made;
(c) determines that the research or statistical purpose for which any use or disclosure is to be made warrants the risk to the individual from additional exposure of the record or information;
(d) requires that adequate safeguards to protect the record or information from unauthorized disclosure be established and maintained by the user or recipient, including a program for removal or destruction of identifiers;
(e) prohibits any further use or redisclosure of the record or information in individually identifiable form without its express authorization;
(f) prohibits any individually identifiable information resulting from such research from being used to make any decision or take any action directly affecting the individual to whom it pertains;
(g) makes any disclosure pursuant to a written agreement with the proposed recipient which attests to all of the above; and provided further, that all such determinations, requirements, and prohibitions are made by the educational agency or institution (and not a component thereof).
Recommendation 14
That the Family Educational Rights and Privacy Act be amended so as to permit an educational agency or institution to designate in its policy implementing FERPA that disclosures may be made on a routine basis without the authorization of the parent or student to a particular welfare or social service agency for a specified purpose that directly assists the educational agency or institution in achieving its mission, provided that the categories of information which may be disclosed to such agency are also specified and that further redisclosure by such agency is prohibited.
Recommendation 15
That the Family Educational Rights and Privacy Act be amended to provide:
(a) that records collected or maintained by the security or law enforcement branch of an educational agency or institution solely for a law enforcement purpose
(i) shall not be considered to be education records subject to the provisions of FERPA when the security or law enforcement branch does not have access to education records maintained by the agency or institution; and
(ii) may be disclosed only to law enforcement agencies of the same jurisdiction and to school officials responsible for disciplinary matters;
(b) that disclosure of information may be made by an educational agency or institution to law enforcement officials without the consent of the student or parent, provided that:
(i) an official determination is made by the educational agency or institution (and not by a component thereof) that the information disclosed is necessary to an authorized investigation of ongoing violations of law which threaten the welfare of the educational agency or institution or its students or faculty; and
(ii) each determination is publicly reported to the governing board of the agency or institution including the type of information disclosed, the number of individuals involved, and the justification for such disclosure, but not the names of the individuals involved.
THE CITIZEN AS BENEFICIARY OF GOVERNMENT ASSISTANCE
The Commission recommends:
Recommendation 1
(a) That the Congress enact a statute that requires each State, as a condition of the receipt of Federal financial assistance for public assistance and social services programs, to enact a fair information practice statute applicable to records about public assistance and social services clients of any agency administering or supervising the administration of any federally assisted public assistance or social services program (the requirements of the State statute are described below);
(b) That Congress give a State two full State legislative sessions to enact the required statute before it is considered not to be in compliance with Federal law;
(c) That the Congress specify in the statute the general principles of the fair information practice policy, leaving to the States some discretion to tailor specific means of implementing the principles to their own needs, where appropriate;
(d) That the Congress make the Secretary of Health, Education, and Welfare responsible for determining that each State has enacted the required State statute and that it has the characteristics required by Federal law. The Secretary should consult with the heads of other Federal agencies funding public assistance and social services programs in carrying out this responsibility;
(e) That every Federal agency responsible for overseeing the administration of a public assistance or social services program be required by Federal statute to review State compliance with the record keeping requirements set forth in Federal and State statute;
(f) That the process that States use for formulating and enacting specific fair information practice requirements provide ample opportunity for public participation, including public hearings; and
(g) That appropriate sanctions and remedies, at the Federal and State level, be available to deal with violations of the statutorily prescribed requirements.
Recommendation 2
That every State enact a statute applying the fair information practices required of agencies receiving Federal public assistance and social services funds to records of cash assistance and social services agencies that do not receive any Federal funding.
Recommendation 3
That the Congress require the States to provide by statute that public assistance and social services agencies must, to the greatest extent practicable, collect information and documentation directly from the client, unless otherwise requested by the client.
Recommendation 4
That the Congress require the States to provide by statute that a public assistance or social services agency must:
(a) notify a client as to:
(i) all types of information which may be collected about him;
(ii) the techniques that may be used to collect or verify such types of information;
(iii) the types of sources that may be asked to provide each type of information.
(b) limit its collection practices to those specified in any such notice;
(c) provide the client an opportunity to indicate particular sources of information which he does not want the agency to contact and to provide alternatives to those sources so indicated;
(d) provide the client an opportunity to withdraw his application should the agency require that a source be contacted notwithstanding .. .
provided, however, that such procedures shall not be required when there is a reasonable belief that the client has violated a law relating to the administration of the assistance or services program.
Recommendation 5
That Congress require States to provide by statute that public assistance and social services agencies must give clients of social services programs the opportunity to require that collateral contacts, made to secure information about their eligibility in a services program, are made in a manner that, to the maximum extent possible, does not reveal the specific nature of the service sought by the client.
Recommendation 6
That the Congress require States to provide by statute that a client who is the subject of a record maintained by a public assistance and social services agency shall have a right to see and copy that record upon request.
Recommendation 7
That the Congress permit the States to enact provisions of law that:
(a) provide that a medical record may be disclosed either directly to the client or through a medical care professional designated by the client, provided, however, that a client must be given direct access to any medical record information that is used to make a determination about his eligibility;
(b) restrict a parent or guardian's access to a minor's record, or a minor's access to a record that contains information about him;
(c) provide that the source of information in a record, or the information itself to the extent that it would reveal the identity of the source, need not be disclosed to the client if the source is an individual who has requested an assurance of confidentiality or, absent such a request, if disclosure can reasonably be expected to result in harm to the source, provided, however, that an adverse determination may not be based on information that is not disclosed to the client;
(d) deny a client access to a record that is being used for an ongoing investigation of a suspected violation by the client of a law relating to the administration of the welfare program; and
(e) provide for segregation of information in records maintained about multiple subjects so that a client may see only that information in a record that pertains directly to him.
Recommendation 8
That the Congress require States to provide by statute that public assistance and social services agencies will permit a client to request correction or amendment of a record pertaining to him, and that the agency must:
(a) promptly correct, amend (including supplement), or delete any portion thereof which the individual can show is not accurate, timely, relevant, complete, or within the scope of information which he was originally told would be collected about him, except that in the case of a medical record, the agency shall disclose to the client the identity of the medical care provider who was the source of the record, and, if the latter agrees to the requested correction, the agency must make the correction;
(b) assure that any corrections, amendments, or deletions are reflected wherever information about the client is maintained that is similar to that which has been corrected, amended, or deleted; or
(c) inform the client of its refusal to correct, amend, or delete part of the record in accordance with his request and the reason(s) for the refusal, permit the client to have the refusal reviewed at a hearing, and permit a client who disagrees with the refusal to correct, amend, or delete the record to have placed with the record a concise statement setting forth his disagreement; and further
(d) provide reasonable procedures to assure that corrections, amendments, and deletions made pursuant to (a), or statements of disagreement filed pursuant to (c), are made available to prior and subsequent recipients of the record.
Recommendation 9
That the Congress require States to provide by statute that public assistance and social services agencies must have reasonable procedures to assure that all records they use in making any determination about a client are maintained with such accuracy, timeliness, completeness, and relevance as is reasonably necessary to assure that the records themselves are not the cause of an unfair determination.
Recommendation 10
That the Congress provide by statute that no disclosures of records about a public assistance or social services client may be made without the authorization of the client, unless disclosure has been specifically authorized by State statute, which must contain:
(a) provisions relating to the permissible uses and disclosures of individually identifiable information about clients for purposes related to the administration and enforcement of the specific program for which the information was acquired, as well as for purposes related to the administration and enforcement of other public assistance and social services programs for which the individual has applied, is required to apply, or may be eligible;
(b) a prohibition on the disclosure of individually identifiable information about clients to members of the public and to legislative committees;
(c) a prohibition on the use or disclosure of individually identifiable information about clients for purposes unrelated to the provision of public assistance and social services without the consent of the client, provided, however, that:
(i) disclosure necessary to assure the health or safety of the client or another individual in compelling circumstances may be permitted;
(ii) disclosure made pursuant to a court order may be permitted if the agency has contested the order, provided, however, that adequate notice and ability to participate in any action regarding the order has been provided the client if the client is the subject of the investigation or prosecution in furtherance of which the court order is issued; and
(iii) disclosure for a research or statistical purpose may be permitted, provided, however, that:
(A) the agency maintaining the information ascertains that use or disclosure in individually identifiable form is necessary to accomplish the purpose for which disclosure is made;
(B) further use or disclosure of the information or record in individually identifiable form is prohibited without the express authorization of the agency or the client;
(C) reasonable procedures to protect the record or information from unauthorized disclosure are established and maintained by the recipient, including a program for removal or destruction of identifiers; and
(D) the agency determines that the research or statistical purpose for which any disclosure is to be made is such as to warrant risk to the individual from additional exposure of the record or information;
(d) provisions stating which redisclosures of individually identifiable information may be made by agencies or persons authorized to obtain such information; and
(e) a requirement that all permissible disclosures be limited to information that is necessary and relevant to the purpose for which disclosure is made, including those disclosures made for collateral verification purposes.
Finally, the Congress should provide that when enacted, the required State statute shall constitute the sole authority for disclosures of client records maintained by public assistance and social services agencies receiving Federal funding except that 42 U.S.C. 4582 and 21 U.S.C. 1175, regarding the confidentiality of alcohol and drug abuse treatment records, will continue to be in force.
Recommendation 11
That the Congress require States to provide by statute that public assistance and social services agencies must inform each client in plain language of:
(a) the kinds of records that the agency maintains, and the purposes for which the information in those records may be used;
(b) the client's right to see, copy, and request correction of record about himself;
(c) whether information requested of the client by the agency must be provided as a condition of eligibility for public assistance and social services, or whether providing it is voluntary;
(d) of the agency's procedures regarding collateral verification [as required by Recommendation (4)], including its use of inter-agency and inter-jurisdictional data exchanges; and
(e) the provisions of the State statute governing disclosure.
Recommendation 12
That the Congress require the States to provide by statute that appropriate remedies and penalties will be available in cases in which a public assistance or social services agency violates a provision of the State fair information practice statute.
Recommendation 13
That the use and disclosure of information obtained on applicants for and recipients of child support services as well as on alleged absent parents should be subject to the same statutory disclosure policy called for by Recommendation (10). Furthermore, Congress should require by statute that information obtained by State agencies from the Federal Parent Locator Service regarding absent parents may not be disclosed for purposes unrelated to the establishment of paternity, the location of the parent, or enforcement of child support obligations, except to the extent that disclosures of such information result from court proceedings.
Recommendation 14
That the Congress amend Title IV of the Social Security Act to provide that the provision requiring States to "utilize sources of information and available records" [Section 454(8)] not be construed to override State and local laws prohibiting the disclosure of certain types of information unless these laws have made provision for disclosure to the State Parent Locator Service.
Recommendation 15
That the Congress amend Section 453(e)(2) of Title IVD of the Social Security Act to provide that Federal agencies maintaining information which, by other provisions of law, has been deemed to be confidential, shall not be required to provide that information to the Federal Parent Locator Service (PLS), unless disclosure to the Federal PLS is specifically authorized by a Federal statute that specifies the agency that may disclose information to the PLS; and further, that the Congress limit disclosures of information by Federal agencies to the PLS to the minimum necessary to locate the absent parent (e.g., place of employment and home address).
Recommendation 16
That the Congress require the heads of all Federal agencies funding public assistance and social services programs to provide assistance to the States in developing their fair information practice statutes.
THE RELATIONSHIP BETWEEN CITIZEN AND GOVERNMENT: THE PRIVACY ACT OF 1974
The Commission recommends:
Recommendation 1
That a Federal agency administering a health insurance program which employs the services of a private health insurance intermediary provide to the intermediary only that information necessary for the intermediary to carry out its responsibilities under the program.
Recommendation 2
That there should be a continued examination of the standards, guidelines, and general criteria for safeguards within the Federal government, but there should not be a general extension of any Federal standards, guidelines, or general criteria for safeguards for security and confidentiality of records when a record is disclosed to a person other than an agency, except as specifically provided in other recommendations of the Commission.
Recommendation 3
That the Privacy Act of 1974 permit the recovery of special and general damages sustained by an individual as a result of a violation of the Act, but in no case should a person entitled to recovery receive less than the sum of $1,000 or more than the sum of $10,000 for general damages in excess of the dollar amount of any special
THE RELATIONSHIP BETWEEN CITIZEN AND GOVERNMENT: THE CITIZEN AS TAXPAYER
The Commission recommends:
Recommendation 1
That the Congress prohibit the disclosure of any tax information about a prospective juror for use in jury selection.
Recommendation 2
That the Congress not permit tax information about prospective Federal appointees to be disclosed to the White House and heads of Federal agencies without the consent of the individual to whom the information pertains.
Recommendation 3
That Federal tax information authorized to be disclosed to the Parent Locator Service be limited to the minimum necessary to locate an alleged absent parent; that such information be used only in aid of location efforts; and that no disclosures of IRS information about an individual to whom support is owed be permitted without the individual's authorization.
Recommendation 4
That the Congress subject all information about a taxpayer to the same restrictions on disclosure for non-tax investigations and prosecutions that the Commission recommended in its interim report.
Recommendation 5
That all of the information about taxpayers in the possession of the IRS, regardless of source, be subject to the same disclosure restrictions recommended by the Commission in this chapter and in its interim report.
THE RELATIONSHIP BETWEEN CITIZEN AND GOVERNMENT: THE CITIZEN AS PARTICIPANT IN RESEARCH AND STATISTICAL STUDIES
The Commission recommends:
Recommendation 1
That the Congress provide by statute that no record or information contained therein collected or maintained for a research or statistical purpose under Federal authority or with Federal funds may be used in individually identifiable form to make any decision or take any action directly affecting the individual to whom the record pertains, except
Recommendation 2
That the Congress provide by statute that any record or information contained therein collected or maintained for a research or statistical purpose under Federal authority or with Federal funds may be used or disclosed in individually identifiable form without the authorization of the individual to whom such record or information pertains only for a research or statistical purpose, except:
(a) where the researcher reasonably believes that the information will forestall continuing or imminent physical injury to an individual, provided that the information disclosed is limited to that information necessary to secure the protection of the individual who may be injured;
(b) where information is furnished in compliance with a judicial order, including a search warrant or lawfully issued subpoena, and the purpose of the judicial order is to assist inquiry into an alleged violation of law by a researcher or an institution or agency maintaining research and statistical records, provided that:
(i) any information so disclosed shall not be used as evidence in any administrative, legislative, or judicial proceeding against anyone other than the researcher or research entity,
(ii) any information so disclosed shall not be used as evidence (or otherwise made public) in such a manner that the subject of the research may be identified, unless identification of an individual research subject is necessary to prove the violation of law, and
(iii) an individual identified in any information to be made public in identifiable form be given notice prior to such publication and be granted standing to contest the necessity of such publication;
(c) where information is disclosed in individually identifiable form for the purpose of auditing or evaluating a Federal research program and such an audit or evaluation is expressly authorized by Federal statute; or
(d) where information is disclosed to the National Archives and Records Service pursuant to the Federal Records Act.
And further, that should information be disclosed under any other conditions, an individual research subject identified in the information disclosed shall have a legal right of action against the person, institution, or agency disclosing the information, the person, institution or agency seeking disclosure and, in the case of a court order, the person who applied for such an order.
Recommendation 3
That when a Federal statute expressly authorizes disclosure in individually identifiable form of a research or statistical record for the purpose of auditing or evaluating a Federal or federally funded program, such statute should prohibit the use or disclosure of such information to make any decision or take any action affecting the individual to whom it pertains, except as authorized by that individual, or as the Congress specifically permits by statute.
Recommendation 4
That any Federal agency that collects or maintains any record or information contained therein in individually identifiable form for a research or statistical purpose should be permitted to maintain such records or information in individually identifiable form only so long as it is necessary to fulfill the research or statistical purpose for which the record or information was collected, unless retention of the ability to identify the individual to whom the record or information pertains is required by Federal statute or agency regulation.
Recommendation 5
That whenever a Federal agency provides, by contract or research grant, for the performance of any activity that results in the collection or maintenance of any record or information contained therein in individually identifiable form for a research or statistical purpose, the terms of such contract or research grant should:
(a) require the contractor or grantee to establish and maintain reasonable procedures to protect such record or information from unauthorized disclosure, including provision for removal or destruction of identifiers;
(b) include rules for the disposition of such information or record upon termination of the contract or grant that provide appropriate protection against future unauthorized disclosure; and
(c) make the contractor or grantee subject to the requirements of the most stringent applicable Federal and State statutes.
Recommendation 6
That the National Academy of Sciences, in conjunction with the relevant Federal agencies and scientific and professional organizations, be asked to develop and promote the use of statistical and procedural techniques to protect the anonymity of an individual who is the subject of any information or record collected or maintained for a research or statistical purpose.
Recommendation 7
That unless prohibited by Federal statute, a Federal agency may be permitted to use or disclose in individually identifiable form for a research or statistical purpose any record or information it collects or maintains without the authorization of the individual to whom such record or information pertains only when the agency:
(a) determines that such use or disclosure does not violate any limitations under which the record or information was collected;
(b) ascertains that use or disclosure in individually identifiable form is necessary to accomplish the research or statistical purpose for which use or disclosure is to be made;
(c) determines that the research or statistical purpose for which any disclosure is to be made is such as to warrant risk to the individual from additional exposure of the record or information;
(d) requires that reasonable procedures to protect the record or information from unauthorized disclosure be established and maintained by the user or recipient, including a program for removal or destruction of identifiers;
(e) prohibits any further use or redisclosure of the record or information in individually identifiable form without its express authorization; and
(f) makes any disclosure pursuant to a written agreement with the proposed recipient which attests to all the above, and which makes the recipient subject to any sanctions applicable to agency employees.
Recommendation 8
That when disclosure pursuant to Recommendation (7) is made to a Federal contractor or grantee, the written agreement should be between the disclosing agency and funding agency, with the latter responsible for assuring that the terms of the agreement are met.
Recommendation 9
That any person, who under Federal contract or grant collects or maintains any record or information contained therein for a research or statistical purpose, be prohibited from disclosing such record or information in individually identifiable form for another research or statistical purpose, except pursuant to a written agreement that meets the specifications of Recommendations (7) and (8) above, and has been approved by the Federal funding agency.
Recommendation 10
That absent an explicit statutory requirement to the contrary, any Federal agency that collects or supports the collection of individually identifiable information from an individual for a research or statistical purpose be required by Federal statute to notify such individual:
(a) of the possibility, if any, that the information may be used or disclosed in individually identifiable form for additional research or statistical purposes;
(b) of any requirements for disclosure in individually identifiable form for purposes other than research and statistical use; and
(c) that if any such required disclosure is made for other than a research or statistical purpose, he will be promptly notified.
Recommendation 11
That Congress provide by statute that when information about an individual is to be collected in individually identifiable form for a research or statistical purpose by a Federal agency or with Federal funding, an institutional review process be required to apply the principles enunciated in Recommendation (10) in order to protect the individual:
(a) who is not competent to give informed consent to provide information about himself (e.g., a minor or mentally incompetent individual);
(b) whose consent may be seriously compromised by fear of some loss of benefit or imposition of sanction (e.g., "captive populations," such as students, welfare recipients, employees, prison inmates, or hospital patients);
(c) when the ability to conduct statistical or research activity is predicated on the individual being unaware of its existence, purpose, or specific nature.
Recommendation 12
That Congress provide by statute that when individually identifiable information is collected from an individual by a Federal agency or with Federal funding for a purpose other than a research or statistical one, the individual be informed that:
(a) such information may be used or disclosed in individually identifiable form for a research or statistical purpose, with appropriate safeguards;
(b) that he may be re-contacted as a result of such use or disclosure.
Recommendation 13
That Congress provide by statute that if any record or information contained therein collected or maintained by a Federal agency or with Federal funding for a research or statistical purpose is disclosed in individually identifiable form without an assurance that such record or information will not be used to make any decision or take an action directly affecting the individual to whom it pertains (e.g., to a court or an audit agency), or without a prohibition on further use or disclosure, the individual should be notified of the disclosure and of his right of access both to his record and to any accounting of its disclosure.
Guideline 1
Any record or information contained therein collected or maintained for a research or statistical purpose should not be used in individually identifiable form to make any decision or take any action directly affecting the individual to whom the record pertains, except within the context of the research plan or protocol, or with the specific authorization of such individual; and
That based on the foregoing principle, a special set of information practice requirements should be established for records and information contained therein collected or maintained in individually identifiable form for a research or statistical purpose.
Guideline 2
Any entity that, for a research or statistical purpose, collects or maintains in individually identifiable form any record or information contained therein should be required:
(a) to establish and maintain adequate safeguards to protect such record or information from unauthorized disclosure; and
(b) to maintain such record or information in individually identifiable form only so long as is necessary to fulfill the research or statistical purpose for which it was collected, unless the entity can demonstrate that there are reasons for retaining the ability to identify the individual to whom the record or information pertains which outweigh the increase in the risks to the individual of exposure of the record.
Guideline 3
Except where specifically prohibited by law, an entity that collects or maintains a record or information may use or disclose in individually identifiable form either the record or the information contained therein for a research or statistical purpose without the consent of the individual to whom the record pertains, provided that the entity:
(a) determines that such use or disclosure does not violate any limitations under which the record or information was collected;
(b) ascertains that use or disclosure in individually identifiable form is necessary to accomplish the research or statistical purpose for which use or disclosure is to be made;
(c) determines that the research or statistical purpose for which any disclosure is to be made is of sufficient social benefit to warrant the increase in the risk to the individual of exposure of the record or information;
(d) requires that adequate safeguards to protect the record or information from unauthorized disclosure be established and maintained by the user or recipient, including a program for removal or destruction of identifiers; and
(e) prohibits any further use or redisclosure of the record information in individually identifiable form without its express authorization.
Guideline 4
Absent an explicit statutory requirement to the contrary, no individual should be required to divulge information about himself for a research or statistical purpose. To assure that there is no coercion or deception, the individual should be informed:
(a) that his participation is at all times voluntary;
(b) of the purposes and nature of the data collection;
(c) of the possibility, if any, that the information may be used or disclosed in individually identifiable form for additional research or statistical purposes;
(d) of any requirements for disclosure in individually identifiable form required for purposes other than research and statistical use; and
(e) that if any such required disclosure is made for other than a research or statistical purpose, he will be promptly notified.
Guideline 5
When information about an individual is to be collected in individually identifiable form for a research or statistical purpose, an institutional review process or responsible representative should be required to apply the principles enunciated in Guideline (4) in order to protect the individual:
(a) who is not competent to give informed consent to provide information about himself (e.g., a minor or mentally incompetent individual);
(b) whose consent may be seriously compromised by fear of some loss of benefit or imposition of sanction (e.g., "captive populations" such as students, welfare recipients, employees, prison inmates, or hospital patients); or
(c) when the ability to conduct statistical or research activity is predicated on the individual being unaware of its existence, purpose, or specific nature.
Guideline 6
When individually identifiable information is collected for a purpose other than a research or statistical purpose the individual should be informed:
(a) that such information may be used or disclosed in individually identifiable form for a research or statistical purpose, with appropriate safeguards; and
(b) that he may be re-contacted as a result of such use or disclosure.
Guideline 7
When research or statistical records or information are collected and maintained in conformity with all the foregoing policy recommendations, an individual should have a right of access to a record or information which pertains to him if such record or information is used or disclosed in individually identifiable form for any purpose other than a research or statistical one (e.g., an inadvertent unauthorized disclosure).
Guideline 8
Any entity that collects or maintains a record or information for a research or statistical purpose should be required to keep an accurate accounting of all disclosures in individually identifiable form of such record or information contained therein such that an individual who is the subject of such record or information can find out that the disclosure has been made and to whom.
Guideline 9
If any record or information contained therein collected or maintained for a research or statistical purpose is disclosed in individually identifiable form without an assurance that such record or information will not be used to make any decision or take an action directly affecting the individual to whom it pertains, or without a prohibition on further use or disclosure (e.g., to a court or an audit agency), the individual should be notified of the disclosure, and of his right of access to the record and to the accounting for its disclosure, as provided by Guidelines (7) and (8) above.
THE SOCIAL SECURITY NUMBER
The Commission recommends:
Recommendation 1
That Section 7 of the Privacy Act be retained for government agencies.
Recommendation 2
That the President amend Executive Order 9397 (November 30, 1943, 8 Federal Register 237, an order directing Federal agencies to use the Social Security account number when establishing a new system of permanent account numbers) so that Federal agencies may not, as of January 1, 1977, rely on it as legal authority by which to create new demands for the disclosure of an individual's SSN.
Recommendation 3
That the independent entity recommended by the Privacy Commission monitor the use of the SSN and other labels by private organizations and consider the desirability and feasibility of future restrictions on the use of the SSN and other labels for identification and authentication purposes.
Recommendation 4
That the Federal government not consider taking any action that would foster the development of a standard, universal label for individuals, or a central population register, until such time as significant steps have been taken to implement safeguards and policies regarding permissible uses and disclosures of records about individuals in the spirit of those recommended by the Commission and these safeguards and policies have been demonstrated to be effective.
GENERAL COMMISSION RECOMMENDATION
That the President and the Congress establish an independent entity within the Federal government charged with the responsibility of performing the following functions:
(a) To monitor and evaluate the implementation of any statutes and regulations enacted pursuant to the recommendations of the Privacy Protection Study Commission, and have the authority to formally participate in any Federal administrative proceeding or process where the action being considered by another agency would have a material effect on the protection of personal privacy, either as the result of direct government action or as a result of government regulation of others.
(b) To continue to research, study, and investigate areas of privacy concern, and in particular, pursuant to the Commission's recommendations, if directed by Congress, to supplement other governmental mechanisms through which citizens could question the propriety of information collected and used by various segments of the public and private sector.
(c) To issue interpretative rules that must be followed by Federal agencies in implementing the Privacy Act of 1974 or revisions of this Act as suggested by this Commission. These rules may deal with procedural matters as well as the determination of what information must be available to individuals or the public at large, but in no instance shall it direct or suggest that information about an individual be withheld from individuals.
(d) To advise the President and the Congress, government agencies, and, upon request, States, regarding the privacy implications of proposed Federal or State statutes or regulations.