The Privacy Act of 1974 prohibits federal agencies from disclosing private information about you without your written consent. The law also requires federal agencies to allow you to see records that they are maintaining about you and to correct those records if they are inaccurate or incomplete
Protection of Personal Information
Federal agencies maintain systems of records in which personal information is collected, stored and disseminated or sent in the course of transacting business or sharing information. The disclosure of that information to the wrong people can lead to considerable damage to a person's finances or reputation.
The Privacy Act of 1974 was established to prevent unauthorized disclosures of personal information including personal identifying information such as Social Security numbers. To ensure that federal agencies comply with the law's requirements, agencies are required to publish in the Federal Register details about their systems of records including the intended uses of the system. Further, anytime an agency wants to make a significant change to a system of records, it must give advance notice to the following organizations for evaluation:
- Committee on Government Operations of the House of Representatives
- Committee on Governmental Affairs of the Senate
- Office of Management and Budget
A federal agency may disclose personal information about you only if it has your written permission or if the agency meets the following exceptions:
- The agency discloses the information to one of its own employees on a need to know basis in order to perform official duties
- The disclosure is required under the Freedom of Information Act
- The disclosure is for routine use
- The disclosure is to the Census Bureau in response to a census survey
- The disclosure is to someone who gave adequate advance notice to the agency that the records were needed for a statistical study and the record was transferred without any individual identifying information
- The disclosure is to the National Archives and Records Administration as a historical record
- The disclosure is to any governmental agency within or under federal control for civil or criminal law enforcement purposes and is provided in response to a written request from the agency head
- The disclosure is made under compelling circumstances affecting a person's health and safety and that person received written notification of that disclosure
- The disclosure is made to Congress or to a Congressional committee or subcommittee
- The disclosure is made to the Government Accountability Office for official purposes
- The disclosure is made pursuant to a court order
- The disclosure of bad debt information is made to a consumer reporting agency
Federal agencies must keep accurate accounts of when and to whom disclosures of personal records are made. These accounts must be kept for a minimum of five years or for the lifetime of the personal record, whichever is greater.
Access to Records
Agencies that maintain a system of records must allow you access to any records they have about you. You are also allowed to make copies of those records. If you believe those records are incorrect or incomplete, you can request that the records be corrected. If the agency refuses to correct your records, you may challenge the refusal. If the agency still refuses to correct your records, you can file a statement explaining why you disagree with the agency's refusal and your statement must be sent along with any disclosure of your records.
Penalties for Violation
If an agency refuses to allow you access to your records or refuses your request to correct your records, you have a right to sue the agency to have those records corrected. If you are successful, the federal government may be ordered to pay your attorney's fees and court costs.
If an agency willfully or intentionally violates any other provision of the Privacy Act, you can sue the agency in civil court. If you are successful, the court can order the federal government to pay you any actual damages that you may have suffered as a result of the violation, your attorney's fees and court costs.
An agency or an agency employee may be found guilty of a misdemeanor and may be ordered to pay a fine of up to $5,000 if they:
- Intentionally disclose any personally identifiable information without written authorization
- Willfully maintain a system of records without disclosing its existence and any of its details