The following excerpt is taken from the summary and recommendations of the report, "Records, Computers and the Rights of Citizens," from the HEW Secretary's Advisory Committee on Automated Personal Data Systems (See Editorial, Page 3). Copies of the full report (DHEW (OS)73-94; GPO#l70000116) may be ordered for $2.35 from the Superintendent of Documents, Government Printing Ofjice, Washington, D.C. 20402. Safeguard Requirements For Statistical-Reporting and Research Systems I. GENERAL REQUIREMENTS A. Any organization maintaining a record of personal data, which it does not maintain as part of an automated personal data system used exclusively for statistical reporting or research, shall make no transfer of any such data to another organization without the prior informed consent of the individual to whom the data pertain, if, as a consequence of the transfer, such data will become part of an automated personal data system that is not subject to these safeguard requirements or the safeguard requirements for administrative personal data systems. B. Any organization maintaining an automated personal data system used exclusively for statistical reporting or research shall: (l) Identify one person immediately responsible for the system, and make any other organizational arrangements that are necessary to assure continuing attention to the fulfillment of the safeguard requirements; (2) Take affirmative action to inform each of its employees having any responsibility or function in the design, development, operation, or maintenance of the system, or the use of any data contained therein, about all the safeguard requirements and all the rules and procedures of the organization designed to assure compliance with them: (3) Specify penalties to be applied to any employee who initiates or otherwise contributes to any disciplinary or other punitive action against any individual who brings to the attention of appropriate authorities, the press, or any member of the public, evidence of unfair information practice; (4) Take reasonable precautions to protect data in the system from any anticipated threats or hazards to the security of the system; (5) Make no transfer of individually identifiable personal data to another system without (i) specifying requirements for security of the data, including limitations on access thereto, and (ii) determining that the conditions of the transfer provide substantial assurance that those requirements and limitations will be observed-except in instances when each of the individuals about whom data are to be transferred has given his prior informed consent to the transfer; and (6) Have the capacity to make fully documented data readily available for independent analysis. II. PUBLIC NOTICE REQUIREMENT Any organization maintaining an automated personal data system used exclusively for statistical reporting or research shall give public notice of the existence and character of its system once each year. Any organization maintaining more than one such system shall publish annual notices for all its systems simultaneously. Any organization proposing to establish a new system, or to enlarge an existing system, shall give public notice long enough in advance of the initiation or enlargement of the system to assure individuals who may be affected by its operation a reasonable opportunity to comment. The public notice shall specify: (I) The name of the system; (2) The nature and purpose(s) of the system; (3) The categories and number of persons on whom data are (to be) maintained; (4) The categories of data (to be) maintained, indicating which categories are (to be) stored in computer-accessible files; (5) The organization's policies and practices regarding data storage, duration of retention of data, and disposal thereof; (6) The categories of data sources; (7) A description of all types of use (to be) made of data, indicating those involving computer-accessible files, and including all classes of users and the organizational relationships among them; (8) The procedures whereby an individual. group, or organization can gain access to data for independent analysis; (9) The title, name, and address of the person immediately responsible for the system; (10) A statement of the system's provisions for data confidentiality and the legal basis for them. III. RIGHTS OF INDIVIDUAL DATA SUBJECTS Any organization maintaining an automated personal data system used exclusively for statistical reporting or research shall: (l) Inform an individual asked to supply personal data for the system whether he is legally required, or may refuse, to supply the data requested, and also of any specific consequences for him, which are known to the organization, of providing or not providing such data; (2) Assure that no use of individually identifiable data is made that is not within the stated purposes of the system as reasonably understood by the individual, unless the informed consent of the individual has been explicitly obtained: (3) Assure that no data about an individual are made available from the system in response to a demand for data made by means of compulsory legal process, unless the individual to whom the data pertain (i) has been notified of the demand, and (ii) has been afforded full access to the data before they are made available in response to the demand. *** In addition to the foregoing safeguard requirements for all automated personal data systems used exclusively for statistical reporting and research. we recommend that all personal data in such systems be protected by statute from compulsory disclosure in identifiable form. Federal legislation protecting against compulsory disclosure should include the following features: The data to be protected should be limited to those used exclusively for statistical reporting or research. Thus, the protection would apply to statistical reporting and research data derived from administrative records, and kept apart from them, but not to the administrative records themselves, The protection should be limited to data identifiable with, or traceable to, specific individuals. When data are released in statistical form, reasonable precautions to protect against "statistical disclosure" should be considered to fulfill the obligation to disclose data that can be traced to specific individuals. The protection should be specific enough to qualify for non-disclosure under the Freedom of Information Act exemption for matters "specifically exempted from disclosure by statute." 5 U.S.C. 552(b)(3). The protection should be available for data in the custody of all statistical reporting and research systems, whether supported by Federal funds or not. Either the data custodian or the individual about whom data are sought by legal process should be able to invoke the protection, but only the individual should be able to waive it. The Federal law should be controlling; no State statute should be taken to interfere with the protection it provides.