The IT Law Wiki


U.S. Department of Health, Education and Welfare, Records, Computers and the Rights of Citizens (July 1973) (full-text).


In response to growing concern about the harmful consequences that computerized data systems could have on the privacy of personal information, the Secretary of Health, Education, and Welfare commissioned an advisory committee (the Advisory Committee on Automated Personal Data Systems) in 1972 to examine to what extent limitations should be placed on the application of computer technology to record keeping about people.

The report was the result of the Committee’s look at the impact of computerization of information on privacy and included recommendations on developing policies that would allow the benefits of computerization to go forward, but at the same time provide safeguards for personal privacy.

The backdrop surrounding this report and the Privacy Act of 1974 included several years of intense Congressional hearings examining the surveillance activities of the Nixon and J. Edgar Hoover era and the post-Watergate support for government reform. Flowing from the numerous abuses of power uncovered by Congress and the media during the early 1970s, the Privacy Act of 1974 set out a comprehensive regime limiting the collection, use and dissemination of personal information held by government agencies. The Privacy Act also established penalties for improper disclosure of personal information and gave individuals the right to gain access to their personal information held by Federal agencies.

Summary of the report[]

This, the Committee’s final report, was published in July of 1973. The report began with a brief review of the historical development of records and record-keeping, noting the different origins of administrative, statistical, and intelligence records, and the different traditions and practices that have grown up around them. It observed that the application of computers to record-keeping had challenged traditional constraints on record-keeping practices. The report observed that:

The computer enables organizations to enlarge their data processing capacity substantially, while greatly facilitating access to recorded data, both within organizations and across boundaries that separate them.

The report then explored some of the consequences of these changes and assesses their potential for adverse effect on individuals, organizations, and the society as a whole. It concluded that the net effect of computerization is that it is becoming much easier for record-keeping systems to affect people than for people to affect record-keeping systems.

The Report proposed a federal Code of Fair Information Practices for all computer systems. This Code of Fair Information Practices, now commonly referred to as Fair Information Practice Principles (FIPPs), established the framework on which much privacy policy would be built. These practices were intended to address what the committee termed a poor level of protection afforded to privacy under existing law, and they underlie the major provisions of the Privacy Act of 1974, which was enacted the following year.

In a 2007 report, the National Research Council found that the principles of fair information practice for the protection of personal information are as relevant today as they were in 1973.[1] Accordingly, the committee recommended that the fair information practices should be extended as far as reasonably feasible to apply to private-sector organizations that collect and use personal information.

Use of Social Security Numbers[]

The Report examined the characteristics and implications of a standard universal identifier and opposes the establishment of such an identification scheme. After reviewing the drift toward using the Social Security number (SSN) as a de facto standard universal identifier, the Committee recommended steps to curtail that drift.

The Report recommended that use of the Social Security number be limited to federal programs that have a specific federal legislative mandate to use the SSN, and that new legislation be enacted to give an individual the right to refuse to disclose his SSN under all other circumstances. Furthermore, any organization or person required by federal law to obtain and record the SSN of any individual for some federal program purpose must be prohibited from making any other use or disclosure of that number without the individual's informed consent.

The Report recognized the need to improve the reliability of the Social Security number as an instrument for strengthening the administration of certain federally supported programs of public assistance.


  1. National Research Council of the National Academies, "Engaging Privacy and Information Technology in a Digital Age" (2007).