The Privacy Act of 1974 Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 2 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
>> Hello, everyone. It's Chris again,
00:00
and I'm Cybrary's instructor for
00:00
it's U.S. Information Privacy course.
00:00
I'm glad that you've decided to
00:00
join me for this important discussion.
00:00
The Privacy Act of 1974 is
00:00
important to us as American citizens,
00:00
legal permanent residents.
00:00
Whether you're supporting the federal government
00:00
as executive branch,
00:00
or if you're working in another
00:00
capacity that requires you
00:00
to comply with the Privacy Act of 1974.
00:00
We have several learning objectives.
00:00
We're going to talk about some of
00:00
those disclosure requirements,
00:00
some of the exceptions
00:00
to requiring consent and the individual rights,
00:00
access and Amendment rights.
00:00
We're going to be talking about some
00:00
of the agency requirements,
00:00
rules, civil remedies, criminal penalties.
00:00
We'll talk about those 10 exemptions
00:00
>> that exist on having
00:00
>> to provide access to records or system for records.
00:00
We'll close out with discussion on
00:00
social security number restrictions.
00:00
Let's talk about some of those requirements and rules.
00:00
The Privacy Act says that executive branch agencies
00:00
must comply with existing statues and or
00:00
executive orders by the president when it
00:00
comes to the collection and
00:00
processing of personally identifiable information
00:00
and it's storage and records of systems of records.
00:00
The rules say that these individuals,
00:00
these agencies themselves must
00:00
promulgate those rules as it
00:00
applies in notice and rule making.
00:00
Those rules will establish procedures whereby
00:00
an individual can be notified in
00:00
response of his or her request.
00:00
If any system of records,
00:00
name by the end of what it contains,
00:00
a record pertaining to him or her.
00:00
They ought to defy reasonable times, places,
00:00
and requirements for identifying
00:00
an individual who request his or
00:00
her records or information
00:00
pertaining to him or her before the agency,
00:00
so make the record or
00:00
information available to the individual.
00:00
Then finally, they have to establish procedures for
00:00
disclosure to an individual upon
00:00
his or her request of his or her record or
00:00
information pertaining to either person,
00:00
including special procedure be necessary.
00:00
For the disclosure of
00:00
sensitive information to the individual,
00:00
like medical records, including
00:00
psychological records pertaining to him or to her.
00:00
The Acts says that all these agencies themselves cannot
00:00
disclose an individual's
00:00
>> personal identifiable information
00:00
>> contained in records or systems of records,
00:00
unless they have the individual's written consent
00:00
or prior consent for doing so.
00:00
Now, there are some exceptions
00:00
to a disclosure requirements in their toil.
00:00
Need to know within the agency,
00:00
freedom of information requests
00:00
for the required disclosures,
00:00
routine use to provide a benefit or a service,
00:00
statistical research,
00:00
information that's stored in the National Archives,
00:00
law enforcement requests civil or criminal,
00:00
health or safety of an individual,
00:00
information requested by Congress,
00:00
information shared with
00:00
the Bureau of the Census during census time,
00:00
general accounting office information
00:00
shared with the general accounting office,
00:00
information requested by a court order or information
00:00
requested by a credit reporting agency
00:00
as part of the Debt Collection Act.
00:00
The requirements are also for access or amendment.
00:00
If where amendment it says
00:00
>> that an individual can request
00:00
>> an amendment of his or her own record and upon receipt,
00:00
the agency has within
00:00
10 working days to
00:00
provide or acknowledge in writing that it
00:00
has received the request
00:00
and to either disclose whether it will
00:00
comply with the request and correct
00:00
the inaccurate untimely information,
00:00
or if it decides that it's going to refuse
00:00
the request and it needs to tell the individual why.
00:00
It also has to tell them the procedures on how they can
00:00
pursue administrative appeals to that decision.
00:00
When we talk about
00:00
individual access or
00:00
criminal remedies and criminal penalties,
00:00
there are four separate and distinct civil causes
00:00
of action for
00:00
which allow an individual to sue
00:00
>> for injunctive purposes,
00:00
>> their access losses, amendment lawsuits.
00:00
There's also a compensatory relief mind
00:00
where the individual can show
00:00
monetary damages or actual damages
00:00
for intentional willful intent.
00:00
Now for these cases,
00:00
the amount can be equal to the sum of
00:00
the actual damages or less than $1,000.
00:00
Now we're talking about actual
00:00
damages we're talking about
00:00
the individual has to show that
00:00
there is a violation of the act,
00:00
that there was an adverse effect on the individual,
00:00
the causation of the damages,
00:00
and then they have to demonstrate intentional
00:00
>> or willful actions on the part of the agency.
00:00
>> Again, they can only recoup less than $1,000.
00:00
They can also recoup attorney fees
00:00
for amendments and access lawsuits.
00:00
They can accept the courses discretion
00:00
>> whether they will grant attorney fees and
00:00
>> costs at a reasonable incurred.
00:00
>> Now we're talking about actual damages.
00:00
Then again, they can recoup reasonable attorney fees as
00:00
determined by the court that are
00:00
recoverable and this case is not discretionary.
00:00
Neither statutes of limitation nor
00:00
an individual has found his lawsuit within
00:00
two years from the date that
00:00
they suffered alleged harm or damages,
00:00
except for in cases of
00:00
material and willful misrepresentation.
00:00
In those cases they can be brought in anytime.
00:00
There are also criminal penalties
00:00
for noncompliance with the Act.
00:00
If an officer, or an employee of the agency,
00:00
accesses an individual's records and
00:00
discloses them in violation of that,
00:00
then they can be guilty of
00:00
a misdemeanor or fine no more than $5,000.
00:00
If an employee, when offers urban agency
00:00
maintains secret records without
00:00
providing the proper notification,
00:00
then they too can be found guilty of
00:00
a misdemeanor or fine no more than $5,000.
00:00
If you have any individual that's trying to obtain
00:00
records or access to a system of
00:00
records containing personally identifiable information,
00:00
then under false pretenses,
00:00
then they can also be found guilty of
00:00
a misdemeanor or fine no more than $5,000.
00:00
Now, the Act itself also has provisions where has
00:00
10 exemptions for providing
00:00
this information or access to
00:00
information or request for it.
00:00
There's one special exemption it says
00:00
that no an individual can't request
00:00
information that's in their records if it's
00:00
unreasonable anticipation of
00:00
a civil action or civil proceeding.
00:00
There are two general exemptions.
00:00
If the records are maintained by
00:00
the Central Intelligence Agency or if
00:00
the records are being used for the enforcement of
00:00
criminal laws to include law enforcement efforts,
00:00
prosecution efforts, courts, correctional efforts,
00:00
probation, pardon, or parole purposes.
00:00
Then there are seven specific exemptions.
00:00
Again, FOIA exemptions,
00:00
investigatory material, now
00:00
there's compile for law enforcement purposes,
00:00
information that pertains to
00:00
the protection services of the President,
00:00
Secret Service records, statistical records,
00:00
investigatory materials that are
00:00
used for suitability, eligibility,
00:00
or qualifications for federal sovereign unemployment,
00:00
military service, federal contracts,
00:00
or access to classified information.
00:00
If the disclosure would identify
00:00
the source of the information.
00:00
For testing or examination,
00:00
you solely to determine
00:00
an individual's qualifications for appointment or
00:00
promotion in the federal service that might
00:00
compromise testing evaluation processes.
00:00
Then any evaluation material
00:00
used to determine promotions within the
00:00
military that might identify
00:00
the source of the information
00:00
who provide it to the government.
00:00
There's also a social security
00:00
number restriction that says
00:00
that government officials and agencies at the federal,
00:00
state at local level can't deny benefits to
00:00
an individual just because they
00:00
decide not to disclose their social security number.
00:00
Question 1 ask the question,
00:00
the Privacy Act of 1974 requires written consent from
00:00
an individual before an agency can disclose
00:00
his or her information unless an exemption applies.
00:00
The answer is A.
00:00
Question Two ask,
00:00
which of these exemptions allows
00:00
the disclosure of personal information
00:00
without written consent?
00:00
All four are correct choices.
00:00
Three ask what are the actual civil penalties
00:00
for the willful and intentional
00:00
violation of the Privacy Act?
00:00
The appropriate choice is A.
00:00
Question 4 ask about what might result in a criminal
00:00
commonly for violating the Act A,
00:00
B, C, and D are the appropriate choices.
00:00
Question 5 ask,
00:00
what are the specific exemptions
00:00
under the Privacy Act of 1974?
00:00
The appropriate choices are C and
00:00
D. The Privacy Act is an important act.
00:00
It provides protections to
00:00
legal permanent residents and American citizens,
00:00
devise protections and holds
00:00
agencies accountable for how they handle when
00:00
disclose information that's contained
00:00
in records or system of records.
00:00
It has some remedies
00:00
and criminal penalties for violations
00:00
of the Act and it also has several special,
00:00
general and specific exemptions.
Up Next