Invited testimony for a California legislative committee hearing on computer privacy and security in June 1973. The problem is to protect individuals mentioned in record systems from being harmed by deliberate or inadvertent misuse of information, perhaps by an authorized user. Legal responsibility should be on the recordkeeping organization, not the technician. An ombudsman can be useful but probably cannot initiate new policy or inaugurate new legislation. Rather than a state or federal regulatory body, as Ware suggested in 1969, he now recommends a Code of Fair Information Practices to (1) keep the public informed as to the existence and nature of all databanks containing information about individuals; (2) enable each individual to know what information about him is maintained, to correct and update it, and to prevent information given for one purpose from being used for another; and (3) provide legal recourse in case of harm through mistake or misuse. By using the established legal and judicial system, this would minimize the bureaucracy required. Through continuing court judgments and interpretations, it provides a self-adapting solution that can change over time as society changes. 7 pp.
This report is part of the RAND Corporation Paper series. The paper was a product of the RAND Corporation from 1948 to 2003 that captured speeches, memorials, and derivative research, usually prepared on authors' own time and meant to be the scholarly or scientific contribution of individual authors to their professional fields. Papers were less formal than reports and did not require rigorous peer review.
Our mission to help improve policy and decisionmaking through research and analysis is enabled through our core values of quality and objectivity and our unwavering commitment to the highest level of integrity and ethical behavior. To help ensure our research and analysis are rigorous, objective, and nonpartisan, we subject our research publications to a robust and exacting quality-assurance process; avoid both the appearance and reality of financial and other conflicts of interest through staff training, project screening, and a policy of mandatory disclosure; and pursue transparency in our research engagements through our commitment to the open publication of our research findings and recommendations, disclosure of the source of funding of published research, and policies to ensure intellectual independence. For more information, visit www.rand.org/about/principles.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.