© 2000: Access Reports, Inc.
Phone: (434) 384-5334
Fax: (434) 384-8272
E-mail: hhammitt@accessreports.com
Freedom of Information


The Privacy Act of 1974, 5 U.S.C. §552a, was passed by Congress in December, 1974, at the same time that it was overriding President Ford's veto of the 1974 Amendments to the FOIA. Despite the fact that Congress considered these two bills simultaneously, it did not resolve all potential conflicts between the Privacy Act and the amended FOIA.

Part of this failure may be the result of the unusual method used to secure passage of the Privacy Act. The House and the Senate had each passed their own bill on the subject, but by late November it was apparent that it was too late in the session, and that there was too much other pending legislation, to resolve the significant differences between the two through the normal means of a conference committee. As a result, an ad hoc group was formed consisting of staff members of the two leading proponents of privacy legislation in each House, and representatives from the Office of Management and Budget (OMB) and the Department of Justice.

This group developed a compromise bill which was passed on December 18, 1974, and signed into law by President Ford on December 31. It can be argued, however, that in their haste they failed to consider all the potential conflicts between this compromise bill and the FOIA, which they had just amended.

In any event, regardless of the reason, such conflicts did arise and they could not be resolved by the express language of either of the statutes themselves or their legislative histories.

Both the FOIA and the Privacy Act are access statutes, but while access is the FOIA's main objective, it is only one of the Privacy Act's goals. The FOIA confers access rights on "any person." 5 U.S.C. §552(a)(3). The Privacy Act, however, is concerned only with access by "individuals" to records about themselves in a "system of records." 5 U.S.C. §552a(a)(2), (a)(5), (d)(1). Thus a subject-individual has access rights to records under both acts, while any other person must proceed under the FOIA.

The question of third party requests is relatively easy to answer. 5 U.S.C. §552a(b)(2) authorizes release of records (from a Privacy Act system of records) which are "required" to be released under the FOIA. For a release to be required under the FOIA records must be outside any of the nine exemptions in 5 U.S.C. §552(b). The legislative history of the Privacy Act authorization makes it clear that it "was intended to preserve the status quo as interpreted by the courts regarding the disclosure of personal information under [the FOIA]." Privacy Act Source Book at 861.

Except as discussed below, this provision has been interpreted to mean that the Privacy Act has no effect on the access requirements of the FOIA with regard to records not covered by its exemptions. If the records are exempt under the FOIA, however, and the government wishes to make a discretionary release, it must look to the Privacy Act for authorization to do so. 5 U.S.C. 552a(b).

This commonsensical relationship has become exceedingly more important as the case law interpreting the privacy exemptions contained in the FOIA has become more expansive. Agencies can only release Privacy Act-protected records if "required" to do so under the FOIA. Since the standard after Reporters Committee for determining if personal information can be disclosed is whether its release will shed light on government operations, less personal information is now subject to disclosure under FOIA. As a result, more and more personal information falls within the boundaries of FOIA's privacy exemptions, and thus disclosure becomes prohibited under the terms of the Privacy Act because release is no longer "required" under FOIA. See Dept. of Defense v. FLRA, U.S. , 114 S.Ct. 1006 (1994). However, it should be remembered that not all personal information is subject to the Privacy Act, only information contained in a system of records. Personal information in non-Privacy Act files may still be subject to discretionary release under FOIA.

Requests by individuals for access to records about themselves seemed to present more difficult problems. In the first place there are procedural differences. As discussed above, 5 U.S.C. §552(a)(6) establishes administrative deadlines for agencies' responses to initial requests and administrative appeals under the FOIA. The Privacy Act not only does not contain any such deadlines, but also fails to make any express reference to an administrative appeal. Thus the question arises as to whether the FOIA's deadlines apply to such requests.

Theoretically an agency could treat a request as two separate ones and make one response (within the deadlines) under the FOIA and another later one under the Privacy Act. In most instances this procedure would be absurd. Most agencies, therefore, appear to have adopted a procedure of processing the request simultaneously under both acts, and of attempting to comply with the FOIA's administrative deadlines. This procedure is certainly a logical one and appears to be in keeping with the spirit of both acts.

A second problem is that of what an agency should do when release to an individual is required by one act but not the other. The answer is easy if release is required by the Privacy Act but not the FOIA. 5 U.S.C. §a(t) provides that the FOIA exemptions cannot be used to deny an individual access to rights to which he is entitled under the Privacy Act.

The situation in which release is required by the FOIA, but not the Privacy Act proved far more troublesome. It was the subject of a dispute in 1975 between the Justice Department and Sen. Edward Kennedy (with OMB in the middle). In an opinion addressed to the IRS (and dated August 26, 1975) the Justice Department concluded that the Privacy Act was the exclusive remedy for individuals seeking access to records about themselves from a Privacy Act system of records. (Note: this opinion and the other materials related to this dispute are reprinted in the Privacy Act Source Book at 1173-1188).

Under this interpretation an individual could theoretically have fewer access rights than he would have if the Privacy Act had not been passed. This result was challenged by Senator Kennedy as directly contra to congressional intent. A Congressional Research Service analysis prepared at his request reached the same conclusion and also pointed out that the Justice position would (1) result in situations in which a third party could obtain greater access than the subject individual, and (2) be easy to circumvent (e.g., an individual could have a third party request access and consent to this disclosure).

Justice did not acknowledge that its position was incorrect as a matter of law but provided in its regulations that, as a matter of discretion, records which had been exempted under the Privacy Act would be processed under the FOIA. 28 C.F.R. Section 16,57. See policy guidance in FOIA Update, Spring 1980.

In a Supplementary Guidance memorandum dated November 21, 1975 (reprinted in Privacy Act Source Book at 1133), OMB advised agencies: "In a few instances the exemption from disclosure under the Privacy Act may be interpreted to be broader than the Freedom of Information Act. . .In such instances the Privacy Act should not be used to deny access to information about an individual which would otherwise have been required to be disclosed to that individual under the Freedom of Information Act." It also advised that the "net effect" of an agency's processing should be to assure that individuals do not, as a consequence of the Privacy Act, have less access to information pertaining to themselves than they had prior to its enactment."

The issue seemed resolved. When an individual requested access to records about himself in a Privacy Act system of records, the agency would first process the request under that act. If access were granted, its responsibilities were completed. If, however, all or part of the records were properly withholdable under the Privacy Act, it had to process those records under the FOIA and grant access if none of its exemptions were applicable.

However, the Circuits remained split on the issue, leading ultimately to the Supreme Court granting certiorari in two cases -- Provenzano v. Dept. of Justice, 717 F.2d 787 (3rd Cir. 1983), and Shapiro v. DEA, 721 F.2d 215 (7th Cir. 1983). The issue was rendered moot in 1984 when Congress amended 5 U.S.C. §552a(q) (now codified as (t)) to provide: "no agency shall rely on any exemption in this section [i.e., the Privacy Act] to withhold from an individual any record which is otherwise accessible to such individual under the provisions of section 552 [i.e., the FOIA] of this title." P.L. 98-477.

As often happens, Congress failed to state its action in a clear, direct manner, but it is agreed that this amendment establishes that the Privacy Act is not an Exemption 3 statute for purposes of the FOIA.

Next Section Supreme Court Decisions Involving the FOIA