Dismantling the Private Enforcement of the Privacy Act of 1974: Doe v. Chao

A divided Supreme Court recently decided in Doe v. Chao that the federal government’s disclosure of the social security number, while constituting a violation of the Privacy Act of 1974 (the “Privacy Act”), was not enough to compensate the victim. After examining the civil remedy section of the Privacy Act, the Supreme Court ruled that the victim must also prove that he sustained actual damages before recovering the statutory minimum damage of $1,000. This latest decision will greatly affect the enforcement of the Privacy Act by private citizens and reduce the effectiveness of the already much criticized Privacy Act. This article argues that the Supreme Court’s latest decision will effectively eradicate the only meaningful enforcement mechanism of the Privacy Act. Part II examines the history of the right to privacy and the legislative background to the Privacy Act. Part III reviews the Supreme Court’s decision in Doe v. Chao. Part IV analyzes the Supreme Court’s decision and explains the detrimental repercussions of Doe v. Chao. Finally, this article concludes by proposing legislative changes to the Privacy Act so that privacy rights can be enforced effectively

Face Off: An Examination of State Biometric Privacy Statutes & Data Harm Remedies

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security and potential remedies for victims of data breaches or mishandled data. Ultimately, this Note makes policy proposals for future biometric privacy statutes, particularly recommending a private right of action as the most effective remedy for victims of biometric data breaches

The Ironic Privacy Act

This Article contends that the Privacy Act of 1974, a law intended to engender trust in government records, can be implemented in a way that inverts its intent. Specifically, pursuant to the Privacy Act’s reporting requirements, in September 2017, the U.S. Department of Homeland Security (DHS) notified the public that record systems would be modified to encompass the collection of social media data. The notification justified the collection of social media data as a part of national security screening and immigration vetting procedures. However, the collection will encompass social media data on both citizens and noncitizens, and was not explicitly authorized by Congress. Social media surveillance programs by federal agencies are largely unregulated and the announcement of social media data collection pursuant to the reporting requirements of the Privacy Act deserves careful legal attention. Trust in the Privacy Act is at risk when the Act’s notice requirements announce social media data collection and analysis systems under the guise of modifying record collection and retention protocols. This Article concludes that the social media data collection program proposed by DHS in September 2017 requires express legislative authorization

The Ironic Privacy Act

This Article contends that the Privacy Act of 1974, a law intended to engender trust in government records, can be implemented in a way that inverts its intent. Specifically, pursuant to the Privacy Act\u27s reporting requirements, in September 2017, the U.S. Department of Homeland Security (DHS) notified the public that record systems would be modified to encompass the collection of social media data. The notification justified the collection of social media data as a part of national security screening and immigration vetting procedures. However, the collection will encompass social media data on both citizens and noncitizens, and was not explicitly authorized by Congress. Social media surveillance programs by federal agencies are largely unregulated and the announcement of social media data collection pursuant to the reporting requirements of the Privacy Act deserves careful legal attention. Trust in the Privacy Act is at risk when the Act\u27s notice requirements announce social media data collection and analysis systems under the guise of modifying record collection and retention protocols. This Article concludes that the social media data collection program proposed by DHS in September 2017 requires express legislative authorization

The Ironic Privacy Act

This Article contends that the Privacy Act of 1974, a law intended to engender trust in government records, can be implemented in a way that inverts its intent. Specifically, pursuant to the Privacy Act’s reporting requirements, in September 2017, the U.S. Department of Homeland Security (DHS) notified the public that record systems would be modified to encompass the collection of social media data. The notification justified the collection of social media data as a part of national security screening and immigration vetting procedures. However, the collection will encompass social media data on both citizens and noncitizens, and was not explicitly authorized by Congress. Social media surveillance programs by federal agencies are largely unregulated and the announcement of social media data collection pursuant to the reporting requirements of the Privacy Act deserves careful legal attention. Trust in the Privacy Act is at risk when the Act’s notice requirements announce social media data collection and analysis systems under the guise of modifying record collection and retention protocols. This Article concludes that the social media data collection program proposed by DHS in September 2017 requires express legislative authorization

Privacy Act Expungements: A Reconsideration

Privacy, according to Justice of the United States Supreme Court William 0. Douglas, involves the choice of the individual to disclose or to reveal what he believes, what he thinks, what he possesses. The individual, he believed, should have the freedom to select for himself the time and circumstances when he will share his secrets with others and decide the extent of that sharing. For the private manuscript repository the protection of an individual\u27s right to privacy, at least that of the donor, presents no insurmountable problems. Donors may simply purge files in advance of deposit or place certain restrictions on their disclosure

Privacy in the Workplace

The Privacy Act came into force on 1 July 1993. The first part of this paper surveys areas that raise privacy issues in the workplace. These relate in particular to the collection and use of employee information for selection, evaluation, monitoring, surveillance, and testing purposes. The second part of this paper discusses the nature of the Privacy Act, and its effect on the workplace

Feres and the Privacy Act: Are Military Personnel Records Protected?

(Excerpt) This Note contends that Uhl and Cummings are actually in harmony, and therefore, the Feres doctrine should apply to bar some claims under the Privacy Act, but not others. Claims by military personnel under the Privacy Act should be barred when the records are released solely within the military structure because the release is truly “incident to service” and invokes the rationales of the Feres doctrine. In cases where the military releases a serviceperson’s records to persons outside the military, however, the rationales of Feres are not applicable and should not bar recovery. Part I explores the background of the Feres doctrine and its progeny and discusses the Privacy Act in general. Part II highlights the two circuit court decisions, Uhl v. Swanstrom and Cummings v. Department of the Navy and their apparent conflict. This Part also analyzes the rationales that underlie the doctrine and the normative arguments for and against the continued use of the doctrine and its expansion to Privacy Act claims. Part III proposes that the Supreme Court consider a new test. First, the Court should look at whether the release of records occurs incident to service and should focus on the recipient of the released information. If the information protected by the Privacy Act was released within the military command structure, and thus subject to the rules and regulations of the military, the claims should be barred. But, if the release is made to an outside civilian party, then the claims should be allowed. This approach would protect military discipline and decision-making while still giving plaintiffs a remedy in appropriate cases