Contents 1 Additional Definitional Change? 2 Section 201. Definition of system of records 3 Section 202. Clarifying uses and sharing of records 4 Section 203. Amendments to conditions of disclosure 5 Section 204. Amendments to improve notification 6 Section 205. Liquidated Damages and Coverage of Negligent Violations

edit Additional Definitional Change?

QUESTION: The Privacy Act only covers "citizen[s] of the United States" and "alien[s] lawfully admitted for permanent residence" pursuant to the definition of "individual" codified by the act at Section 552a(a)(2) of the United States Code. Should this definition be amended to extend the Act's protection to more people--like all United States residents, or all persons regardless of location and immigration status? How would an expansion of this definition impact agencies?

edit Section 201. Definition of system of records

Amends the definition of a system of records in order to clarify that all groups of records held by agencies are considered systems of records.

QUESTION: The Privacy Act constrains only government action related to a "system of records," which is currently defined to encompass only a "group of any records under the control of the agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual." This definition exempts government use of modern relational and distributional databases, which are searched by attributes other than name or identification number, from the Act's protection.

The proposed amendment to the Privacy Act would define any "group of any records under the control of the agency" as a "system of records." Is this change a step in the right direction? Should any further impacts be considered?

ISSUE: The Privacy Act, in limiting its definition of "system of records" only to information "under the control of an agency," also excludes the use of information from third-party commercial databases from protection. See the amendments to the E-Government Act's treatment of commercial information for further exploration of the issue (click here to view that discussion page).

edit Section 202. Clarifying uses and sharing of records

Establishes definitions for data disclosure, including principal purposes or secondary purposes that are explicitly authorized in legislation or by Executive Order but not under the authority of the program for which the information was originally collected. Defines internal and external disclosures of information based on whether the agency that created the record is utilizing the data.

edit Section 203. Amendments to conditions of disclosure

Amends conditions of disclosure of records in order to account for internal and external disclosure for principal and secondary purposes. Allows disclosure of records for records management inspections and to Congressional offices when requested on behalf of an individual.

edit Section 204. Amendments to improve notification

Amends Sectionion 552a(e) in line with definitional changes.

Establishes a centralized Web site with all system of records notices maintained by the OMB Chief Privacy Officer, in addition to placing system of records notices in the Federal Register. Adds principle and secondary purpose as required elements of the notices along with a list of entities the information may be shared with and the authority for said uses of the information collected.

edit Section 205. Liquidated Damages and Coverage of Negligent Violations

Creates actual damages with a cap of $10,000,000 for knowing violations under the Act and legal fees and administrative remediation for cases of negligence.