Privacy Act of 1974 Has Little Impact on Federal Contractors
LCD-78-124: Published: Nov 27, 1978. Publicly Released: Nov 27, 1978.
- Full Report:
Under the Privacy Act of 1974, Federal agencies must publish at least annually in the Federal Register notices on all their "systems of records" containing information about people. Information to be published in the Federal Register describes categories of records maintained, sources for the information, and the routine uses of the records. Subsection 3(m) of the Privacy Act, the only one focusing on the private sector, states that, "When an agency provides by a contract for the operation by or on behalf of the agency of a system of records to accomplish an agency function, the agency shall, consistent with its authority, cause the requirements of the act to be applied to each system."
The applicability of the Privacy Act to Federal contractors is not clearly understood, and implementation of subsection 3(m) addressing contractors has been given low priority by contracting agencies and by contractors. This is evident from: the sparse and sometimes unclear guidelines issued to implement subsection 3(m), the low level of training given to agency and contractor personnel to acquaint them with the subsection, acknowledgement by agency officials that they had not included the Privacy Act clause in many cases where it should have been included, the almost complete lack of monitoring by contracting agencies, and the general absence of new initiatives by contractors obligated to meet the act's requirements. Agency and contractor officials believe that this is not a cause for concern because prior practices by contractors often already assure the protection of personal information; in few, if any, cases have Federal contractors violated the privacy rights of individuals.