The Privacy Act of 1974 Part 1

Video Transcription
00:00
>> Hello everyone.
00:00
>> This is Chris,
00:00
>> and I am Cybrary's instructor
00:00
for its US information privacy course.
00:00
It's a pleasure being with you once again,
00:00
talking about important privacy
00:00
related concepts and topics.
00:00
In Lesson 2.1, we're going to begin
00:00
our discussion on the Privacy Act of 1974 in Part 1.
00:00
Now, I can tell you honestly that while
00:00
>> I was a member of the United States Armed Forces
00:00
>> for over 20 years
00:00
>> and then working in the US intelligence community
00:00
>> as part of the executive branch for over 13 years,
00:00
>> I didn't pay much attention to
00:00
the Privacy Act of 1974 except
00:00
if I were signing employment forms
00:00
or I was completing annual training.
00:00
It wasn't until I had become a privacy professional
00:00
>> that I really began to see the true impact of
00:00
>> the Privacy Act and the privacy protections
00:00
>> that it provides to American citizens
00:00
>> and legal permanent residents.
00:00
Lesson 2.1 has several learning objectives.
00:00
We're going to talk about an introduction,
00:00
the history and its policy objectives.
00:00
We're going to talk about its applicability
00:00
>> and those individuals protected under this act.
00:00
>> Then we're going to conclude
00:00
>> with a discussion on system of records
00:00
>> and systems of records notification requirements.
00:00
>> Let's get to it.
00:00
>> We talked about
00:00
>> the Privacy Act of 1974 briefly in Module 1.
00:00
During that discussion,
00:00
>> we discussed how the Secretary of Health,
00:00
>> Education, and Welfare,
00:00
which we know today as
00:00
the US Department of Health and Human Services,
00:00
had established an advisory committee
00:00
>> to look at the manual and automated
00:00
>> collecting and databasing of
00:00
>> personal identifiable information collected from
00:00
American citizens and legal permanent residents.
00:00
What that committee concluded was that
00:00
>> the US government was
00:00
>> maintaining secret dossiers on Americans.
00:00
That the average American
00:00
didn't know what information is being collected on them
00:00
>> and how that information was being used.
00:00
>> That they had no way of accessing and correcting
00:00
that information if it was inaccurate.
00:00
That the average American didn't have a way of telling
00:00
the executive branch agencies, "Hey,
00:00
I gave you permission to collect
00:00
>> and use my information for this purpose,
00:00
>> but not to use it for additional purposes."
00:00
Those agencies within the executive branch
00:00
also didn't have mechanisms in place for
00:00
determining the accuracy and the reliability of
00:00
the personal identifiable information they collected on
00:00
American citizens and legal permanent residents,
00:00
nor did they have a process in place
00:00
>> where they can identify cases of misuse.
00:00
>> In 1974, the Congress enacted the Privacy Act of 1974,
00:00
which has been amended several times.
00:00
Now, it creates the first code
00:00
of fair information practices that says that
00:00
>> these agencies will not maintain secret dossiers
00:00
>> on American citizens.
00:00
>> That I, as an American, have a right to know
00:00
>> what information is being collected on me
00:00
>> and how it's being used.
00:00
>> I have a right to access that information
00:00
>> and correct it when appropriate.
00:00
>> I have a way to say, "Hey, you can't use
00:00
my collected personal identifiable information
00:00
for purposes other than those which I've agreed to."
00:00
It holds those executive branch agencies accountable
00:00
>> for how they collect, use, disclose, retain,
00:00
>> and dispose of my personal identifiable information.
00:00
Now, who has to comply with this act?
00:00
Agencies and organizations within the executive branch.
00:00
The Office of the President,
00:00
the Office of the Vice President,
00:00
the military departments, the cabinet agencies,
00:00
>> and then those quasi-independent agencies
00:00
>> within the executive branch
00:00
>> like the US Postal Service.
00:00
The Privacy Act of 1974 has four policy objectives.
00:00
The first is to restrict the disclosure of
00:00
personal identifiable information that's maintained
00:00
>> in systems of records, to grant
00:00
>> American citizens and legal permanent residents
00:00
with increased rights to access
00:00
>> and to amend those records in the possession of
00:00
>> those executive branch agencies
00:00
to ensure that they're not inaccurate,
00:00
ensure they're relevant, timely, and complete.
00:00
Also, to establish, know that
00:00
>> first set of fair information practices
00:00
>> that require these executive branch agencies to comply
00:00
>> with the Privacy Act's
00:00
provisions for collection, maintenance,
00:00
and dissemination of records.
00:00
Let's talk about system of records.
00:00
But before we do that,
00:00
I want to give you
00:00
>> or provide you with some definitions.
00:00
>> When we talk about a record
00:00
that's in the possession of these agencies,
00:00
that's any information that's been collected
00:00
>> on these individuals including names,
00:00
>> Social Security numbers or identification numbers,
00:00
identifying particulars like photographs,
00:00
biometric data, and similar types of data.
00:00
When we talk about a system of records,
00:00
that's a group of those records
00:00
>> that have been put together that you use; a name,
00:00
>> an identifying number like Social Security number,
00:00
an identifying particular like a photo
00:00
>> or some other type of identifying particular
00:00
>> to retrieve those records.
00:00
>> The system of records notifications is the requirement
00:00
>> that the Privacy Act has put in place
00:00
>> that requires the executive branch agencies
00:00
>> to notify Congress, the public,
00:00
>> and to notify the Office of Management and Budget
00:00
>> anytime an agency is about to put a system in operation.
00:00
Before the system of records system
00:00
>> is put in operation,
00:00
>> then those agencies have to report that information
00:00
>> in the Federal Register for a period of 30 days
00:00
>> to provide the public with an opportunity to comment.
00:00
>> They also have to provide notification to the Congress
00:00
>> and to the OMB in a letter for a period of 10 days.
00:00
>> In total, you'll have a total of 40 days
00:00
>> in which to comply.
00:00
>> Now, SORNs have certain purposes;
00:00
to identify the purpose of a system of records,
00:00
to identify which individuals are covered
00:00
by information in a system of records,
00:00
to identify the categories of records
00:00
>> that are maintained about American citizens
00:00
>> and legal permanent residents, to identify
00:00
>> how the information is shared by the agency,
00:00
>> to include routine uses,
00:00
to inform the public of the existence of records,
00:00
and to provide notice to the public of their rights
00:00
>> and procedures under the Privacy Act for accessing
00:00
>> and correcting information maintained by
00:00
>> the agency on American citizens
00:00
and legal permanent residents.
00:00
There are several classifications
00:00
>> that are associated with these SORNs.
00:00
>> They can be internal.
00:00
Then apply the internal system of records created
00:00
>> by an agency for its employees
00:00
>> or administrative duties or mission.
00:00
>> That could be government wide
00:00
that an agency writes the policy,
00:00
but it doesn't have physical ownership of the records,
00:00
or they could be central.
00:00
Those are records that the agency itself,
00:00
in which it writes the policy from
00:00
>> and it actually physically controls
00:00
>> or owns the records.
00:00
>> Now, there's criteria that's in place
00:00
>> for new system of records
00:00
>> that has to be captured in the SORN.
00:00
If it's a program authorized by
00:00
new and existing statute or the executive order
00:00
>> that maintains information on individuals,
00:00
>> retrieves that information
00:00
>> by using a personal identifier.
00:00
>> If there is a new organization of records
00:00
resulting from the consolidation of
00:00
two or more existing systems
00:00
into one new umbrella system,
00:00
whenever the consolidation cannot be classified
00:00
under an existing or current SORN.
00:00
If that agency discovers that the records
00:00
>> about the individuals are being created and used
00:00
>> and that the activity is not covered
00:00
>> under a currently published SORN.
00:00
Finally, a new organization or configuration of
00:00
existing records about individuals that was
00:00
not previously subject to the Privacy Act.
00:00
Again, the 30-day public comment period
00:00
in the Federal Register
00:00
>> and the additional 10 days for congressional and OMB review
00:00
>> is applicable for creating or amending a new SORN.
00:00
>> If you're going to terminate a SORN,
00:00
>> when you're no longer accessing the information
00:00
>> by using a name or another identifier,
00:00
then there is notification that's required
00:00
>> and it has to be published many times.
00:00
>> It's not required by the Privacy Act,
00:00
but organizations will publish
00:00
those in the Federal Register.
00:00
Question 1 asks about the Privacy Act of 1974.
00:00
>> Who does it apply to?
00:00
>> Who does it protect?
00:00
>> B and C are the appropriate answers.
00:00
>> Two asks, which entities must comply
00:00
>> with the Privacy Act of 1974?
00:00
>> C and D are the appropriate choices.
00:00
Question 3 asks, what is a system of records?
00:00
The appropriate answer is A.
00:00
Summary, the Privacy Act of 1974
00:00
applies to federal executive branch agencies,
00:00
it established the first US code
00:00
of fair information practices,
00:00
and it protects the rights and freedoms of US citizens
00:00
>> and legal permanent residents.