About the Federal Privacy Act

How to Know What the US Government Knows About You

People holding signs protesting the NSA spying on Americans
Senate Judiciary Cmte Holds Hearing On Surveillance Transparency Act Of 2013. Win McNamee / Getty Images

The Privacy Act of 1974 is intended to protect Americans against invasions of their personal privacy through the misuse of information about them collected and maintained by the federal government agencies.

The Privacy Act controls what information can be legally collected and how that information is collected, maintained, used, and disseminated by the agencies in the executive branch of the federal government.

Only information stored in a “system of records” as defined by the Privacy Act are covered. As defined in the Privacy Act, a system of records is “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”

According to the U.S. Department of Justice, the Privacy Act can be characterized as an all-encompassing “code of fair information practices” regulating how the federal executive branch agencies collect, maintain, use, and release Americans’ personal information. However, the Privacy Act’s often vague language and limited history of enforcement make it difficult to understand and apply. In addition, many early legal cases involving Privacy Act questions were decided by district courts and are thus unpublished. The Department of Justice anticipates that further litigation will continue to interpret and solidify the intent and application of the Privacy Act. 

Your Rights Under the Privacy Act

The Privacy Act guarantees Americans three primary rights. These are:

  • The right to see the records about them held by the government, subject to Privacy Act exemptions;
  • The right to request that the records be changed to ensure that they are accurate, relevant, timely or complete; and
  • The right to be protected against unwarranted or illegal invasions of their privacy resulting from the collection, maintenance, use, and disclosure of their personal information.

Where the Information Comes From

It is a rare individual who has managed to keep at least some of their personal information from being stored in a government database. Doing just about anything will get your name and numbers recorded. Here are just few examples:

Information You Can Request

The Privacy Act does not apply to all government information or agencies. Only executive branch agencies fall under the Privacy Act. In addition, you may only request information or records that can be retrieved by your name, Social Security Number, or some other personal identifier. For example: You cannot request information regarding your participation in a private club or organization unless the agency indexes and can retrieve the information by your name or other personal identifiers.

As with the Freedom of Information Act, the agencies can withhold certain information "exempted" under the Privacy Act. Examples include information concerning national security or criminal investigations. Another commonly used Privacy Act exemption protects records that might identify an agency's source of confidential information. For Example: If you apply for a job in the CIA, you would probably not be allowed to find out the names of people the CIA interviewed in regard to your background.

Exemptions and requirements of the Privacy Act are more complicated than those of the Freedom of Information Act. You should seek legal assistance if necessary.

How to Request Privacy Information

Under the Privacy Act, all U.S. citizens and aliens with legal permanent residence (green card) status are allowed to request personal information held on them.

As with Freedom of Information Act requests, each agency handles its own Privacy Act requests.

Each agency has a Privacy Act Officer, whose office should be contacted for Privacy Act information requests. The agencies are required to at least tell you whether they have information on you or not.

Most federal agencies also have links to their specific Privacy and FOIA Act instructions on their websites. This information will tell you what types of data the agency collects on individuals, why they need it, what they do with it, and how you can get it.

While some agencies may allow for Privacy Act requests to be made online, requests can also be made by regular mail.

Send a letter addressed to the Privacy Officer or agency head. To speed handling, clearly mark "Privacy Act Request" on both the letter and the front of the envelope. Here's a sample letter:

Privacy Act Request
Agency Privacy or FOIA Officer [or Agency Head]
Name of Agency or Component|
Dear ____________:
Under the Freedom of Information Act, 5 U.S.C. subsection 552, and the Privacy Act, 5 U.S.C. subsection 552a, I am requesting access to [identify the information you want in complete detail and state why you believe the agency has the information about you.]
If there are any fees for searching or copying these records, please inform me before filling my request. [or, Please send me the records without informing me of the cost unless the fees exceed $______, which I agree to pay.]
If you deny any or all of this request, please cite each specific exemption you feel justifies the refusal to release the information and notify me of appeal procedures available to me under the law.
[Optionally: If you have any questions about this request, you may contact me by telephone at ______ (home phone) or _______ (office phone).]

What Will it Cost

The Privacy Act allows agencies to charge no more than their costs for copying the information for you. They cannot charge for researching your request.

How Long it Will Take?

The Privacy Act places no time limits on the agencies to respond to information requests. Most agencies try to respond within 10 working days. If you have not received a reply within a month, send the request again and enclose a copy of your original request.

What to Do if the Information is Wrong

If you think the information the agency has on you is wrong and should be changed, write a letter addressed to the agency official who sent the information to you. Include the exact changes you think should be made along with any documentation you have that backs up your claim.

Agencies have 10 working days to notify you of receipt of your request and to inform you if they need further proof or details of the changes from you. If the agency grants you request, they will inform you of exactly what they will do to amend the records.

What to Do if Your Request is Denied

If the agency denies your Privacy Act request (either to supply or change information), they will advise you in writing of their appeal process. You can also take your case to federal court and be awarded court costs and attorney's fees if you win.

mla apa chicago
Your Citation
Longley, Robert. "About the Federal Privacy Act." ThoughtCo, Aug. 26, 2020, thoughtco.com/about-the-federal-privacy-act-3573529. Longley, Robert. (2020, August 26). About the Federal Privacy Act. Retrieved from https://www.thoughtco.com/about-the-federal-privacy-act-3573529 Longley, Robert. "About the Federal Privacy Act." ThoughtCo. https://www.thoughtco.com/about-the-federal-privacy-act-3573529 (accessed January 26, 2021).