The Privacy Act of 1974 is the primary law controlling how the federal government collects, uses, maintains, and disseminates information about individuals. The law was designed to protect individuals from an increasingly powerful and potentially intrusive federal government. The statute was triggered by a Code of Fair Information Practices (FIPs), and embodies these pricinples:
1. there should be no records whose very existence is private;
2. an individual must be able to discover what information is contained in his or her record and how it is used;
3. an individual must be able to prevent information collected for one purpose from being used for another purpose without consent;
4. an individual must be able to correct or amend erroneous information; and
5. any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for its intended purpose and must take precautions to prevent misuse.
The Privacy Act empowers individuals to control the federal government's collection, use, and dissemination of sensitive personal information. The Act prohibits agencies from disclosing records to third parties or other agencies without the consent of the individual to whom the record pertains. The prohibition is weakened by several exceptions. As early as 1977, the Privacy Protection Study Commission found that the Privacy Act was vague and would likely not meet its stated purposes.
CDT has maintained that the Privacy Act should undergo a review and be brought up to date. While the fundamentals of the Act - principles of fair information practices - remain relevant and current, some definitions do not reflect the realities of current technologies and information systems.