|
Privacy
Protection Study Commission (PPSC) Fair Information Practices
The Privacy Act of 1974
created the Privacy Protection Study Commission. It's charter was to to study
privacy issues and recommend future legislation.
In 1977 the Privacy Protection Study Commission (PPSC) issued its report:
Personal Privacy in an Information
Society
.
(NB: This report is sometimes cited as
Personal
Privacy in an Information Age.)
The Commission concluded that the Privacy Act did not provide the benefits
originally expected from its passage. It's report recommended improvements to
the Privacy Act of 1974 and also recommended that the act be more vigorously
enforced.
The report included a proposed revision of the Privacy Act of 1974 that
clarified ambiguities, provided individuals with broader remedies, and tightened
the exemptions. The Commission also recommended that Congress pass additional
information privacy legislation to protect personal data held in private sector
databases.
Fair Information Practices
The Center for Democracy and Technology
(CDT) has a page about this report.
The CDT page notes the report included a set of voluntary Fair Information
Practices (or Fair Information Principles) for
employers' collecting personal data for hiring purposes and that the practices remain a
useful guide for privacy in general.
In my review of the report, online, I am unable to identify the section which
contains these practices as listed by CDT. In particular, I am unable to locate
them in chapter 6, titled
The
Employment Relationship
However, I have listed the practices as shown by CDT on this page below.
Privacy
Protection Study Commission (PPSC) Fair Information Practices
1. Disclosures of Personal Employment Data
An employer should limit external disclosures of information in records kept
on individual employees, former employees, and applicants; it should also limit
the internal use of such records.
2. Individual Access
A. An employer should permit individual employees, former employees, and
applicants to see, copy, correct, or amend the records maintained about
them, except highly restricted security records, where necessary.
B. An employer should assure that the personnel and payroll records it
maintains are available internally only to authorized users and on a
need-to-know basis.
3. Informing the Individual
A. An employer, prior to collecting the type of information generally
collected about an applicant, employees, or other individual in connection
with an employment decision, should notify him/her as to:
(1) the types of information expected to be collected;
(2) the techniques that may be used to collect such information;
(3) the types of sources that are expected to be asked;
(4) the types of parties to whom and circumstances under which
information about the individual may be disclosed without his
authorization, and the types of information that may be disclosed;
(5) the procedures established by statute by which the individual may
gain access to any resulting record about himself;
(6) the procedures whereby the individual may correct, amend, or
dispute any resulting records about himself.
B. An employer should clearly inform all its applicants upon request, and all
employees automatically, of the types of disclosures it may make of information
in the records it maintains on them, including disclosures of directory
information, and of its procedures for involving the individual in particular
disclosures.
4. Authorizing Personal Data Collection
No employer should ask, require, or otherwise induce an applicant or employee
to sign any statement authorizing any individual or institution to disclose
information about him, or about any other individual, unless the statement is:
(1) in plain language;
(2) dated;
(3) specific as to the individuals and institutions he is authorizing to
disclose information about him;
(4) specific as to the nature of the information he is authorizing to be
disclosed;
(5) specific as to the individuals or institutions to whom he is
authorizing information to be disclosed;
(6) specific as to the purpose(s) for which the information may be used;
(7) specific as to its expiration date, which should be for a reasonable
period of time not to exceed one year.
5. Medical Records
A. An employer that maintains an employment-related medical record about
an individual should assure that no diagnostic or treatment information in
any such record is made available for use in any employment decision.
However, in certain limited circumstances, special medical information might
be so used after informing the employee.
B. Upon request, an individual who is the subject of a medical record
maintained by an employer, or another responsible person designated by the
individual, should be allowed to have access to that medical record,
including an opportunity to see and copy it. The employer may charge a
reasonable fee for preparing and copying the record.
C. An employer should establish a procedure whereby an individual who is
the subject of a medical record maintained by the employer can request
correction or amendment of the record.
6. Use of Investigative Firms
Each employer and agent of an employer should exercise reasonable care in the
selection and use of investigative organizations, so as to assure that the
collection, maintenance, use, and disclosure practices of such organizations
fully protect the rights of the subject being investigated.
7. Arrest, Conviction, and Security Records
A. When an arrest record is lawfully sought or used by an employer to
make a specific decision about an applicant or employee, the employer should
not maintain the records for a period longer than specifically required by
law, if any, or unless there is an outstanding indictment.
B. Unless otherwise required by law, an employer should seek or use a
conviction record pertaining to an individual applicant or employee only
when the record is directly relevant to a specific employment decision
affecting the individual.
C. Except as specifically required by federal or state statute or
regulation, or by municipal ordinance or regulation, an employer should not
seek or use a record of arrest pertaining to an individual applicant or
employee.
D. Where conviction information is collected, it should be maintained
separately from other individually identifiable employment records so that
it will not be available to persons who have no need of it.
E. An employer should maintain security records apart from other records.
8. General Practices
An employer should periodically and systematically examine its employment and
personnel record-keeping practices, including a review of:
(1) the number and types of records it maintains on individual employees,
former employees, and applicants;
(2) the items of information contained in each type of employment record
it maintains;
(3) the uses made of the items of information in each type of record;
(4) the uses made of such records within the employing organization;
(5) the disclosures made of such records to parties outside the employing
organization;
(6) the extent to which individual employees, former employees, and
applicants are both aware and systematically informed of the uses and
disclosures that are made of information in the records kept about them.
I based this page
on a page from the Center
for Democracy and Technology. That page is
here.
|
