Yesterday, the Senate Homeland Security and Government Affairs Committee’s subcommittee on Oversight of Government Management held a hearing to consider updates to the Privacy Act of 1974. The Privacy Act of 1974 governs federal government agencies’ collection, use, and transfer of individuals’ personal information. In general, the Act limits federal agencies’ disclosure of such information from agencies’ systems of record, subject to several exceptions for law enforcement and other purposes, and requires agencies to follow fair information practices in collecting and maintaining personal information. As previously reported in this blog, Subcommittee Chairman Daniel Akaka (D-Hawaii) has sponsored a bill (S. 1732) amending the Act that would, among other requirements, generally enhance data security requirements and impose notification requirements in connection with data security breaches.
The hearing witnesses were Mary Ellen Callahan, Chief Privacy Officer, U.S. Department of Homeland Security; Greg Long, Executive Director, Federal Retirement Thrift Investment Board; Greg Wilshusen, Director – Information Security Issues, U.S. Government Accountability Office; Peter Swire, Professor of Law, Ohio State University; Chris Calabrese, Legislative Counsel, American Civil Liberties Union; and Paul Rosenzweig, Visiting Fellow, The Heritage Foundation. The panelists generally supported legislation that would update the 1974 Privacy Act and referred to GAO studies concluding that updates to the Act are required to address loopholes created by changes and advances in technology.