Sen. Daniel K. Akaka (D-Hawaii) has introduced S.1732, the Privacy Act Modernization for the Information Age Act of 2011. The text of the legislation is here (pdf), and here is an excerpt of Akaka’s comments on the Senate floor, from the Congressional Record.
Mr. AKAKA. Mr. President, today I am introducing the Privacy Act Modernization for the Information Age Act of 2011.
In 1974, Congress enacted the Privacy Act to protect Americans’ personal information from improper disclosure by the Federal government. Broadly, the Privacy Act requires that government agencies allow individuals to see any records an agency keeps on him or her, with some exceptions for security and law enforcement, limits the extent to which the government may share data with and agencies and third parties, allows individuals to access and correct their records, requires agencies to pro- vide notice of what data is collected and how it is used and to keep records of disclosures, and provides individuals the ability to enforce their rights under the act.
With the expansion of technology and the proliferation of personally identifiable information in the hands of government agencies, the risk of losing, abusing, or misusing information has grown exponentially. In particular, over the last 10 years security needs have created pressure on agencies to use existing personal information in new ways, not contemplated when the information was collected. The growth in the business of buying and selling individuals’ information also raises new questions about the extent to which the Privacy Act applies to these sources of data on individuals used by the government. Meanwhile, there have been few updates to the Privacy Act, leaving it better suited to file cabinets and clunky 30 year old databases than the modern information technology systems in use at agencies today. […]
After examining these recommendations and consulting with outside privacy experts, working groups, and privacy and civil liberties advocates, I am introducing the Privacy Act Modernization for the Information Age Act of 2011. This bill addresses the issues raised by GAO, adds stronger privacy leadership at the Office of Management and Budget to ensure effective execution of the Privacy Act, and extends authority for privacy officers to investigate possible violations of privacy laws.
This bill updates the Privacy Act in several ways. It simplifies some of the definitions to apply them to modern information technology management ideas that were in their infancy in 1974. It also tightens requirements for agency controls and maintenance of records to ensure their use is authorized, and that personally identifiable information is not misused.
Agencies would also be more accountable to the public in protecting information. Notifications of systems with personally identifiable information would be more relevant, transparent, and accessible, allowing Americans to know which agencies may have what information about them and in what systems. Importantly, the bill would create a centralized privacy website containing System of Records Notices and other related privacy information. […]
My bill also builds on important new privacy protections introduced in the E-Government Act of 2002, which established a requirement for a Privacy Impact Assessment on certain new sys- tems developed at agencies that contain personally identifiable information. It also codifies the term ‘‘personally identifiable information,’’ which has been defined by the Office of Management and Budget, OMB, for years in conjunction with the Privacy Act. This will let us focus on protecting personally identifiable information rather than defining it.
Read page S6668 of the Oct. 18, 2011 Congressional Record to see the rest of Akaka’s comments.