U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Data Base Management Approach to Privacy Act Compliance

NCJ Number
78888
Author(s)
E Fong
Date Published
1977
Length
36 pages
Annotation
This report proposes a technical approach to compliance with certain requirements of the Privacy Act of 1974 through the use of generalized data base management systems (DBMS).
Abstract
Provisions of the act regarding personal record handling present new issues concerning effective use of DBMS by Federal agencies. In this work, requirements are translated into a set of computer data file procedures which can then implement those act compliance procedures amenable to automation. The use of DBMS appears to be a viable and technologically feasible solution to the effective implementation of many provisions. The Privacy Act of 1974 sets forth requirements governing Federal agency personnel recordkeeping practices. The key to act administration is the establishment of policies which control the use of personal data. The requirements imply that certain data usage and dissemination be monitored and controlled. In this context, DBMS software possesses the following general properties: it facilitates operation on data such as data definition, data storage, data maintenance, data retrieval, and output; it facilitates reference to data by name and not by physical location; and it operates in a software environment which is not tied to a particular set of application programs or files. The data needed in support of compliance procedures assumes the existence of a data base containing personal information. Additional data fields are required for implementation of the act procedures. These fields include the consent field, the disclosure account field, and the dispute field. Several other files might be associated with a system of records containing personal information. Each act requirement is identified and translated side-by-side with the appropriate compliance procedure. The DBMS functions are implementable either via application programs or inherent in the data base software. Eleven references and two appendixes giving the Privacy Act requirements and correlations are provided.