Privacy and Security in Computer Systems
This paper examines (1) the protection of privacy and other individual rights in personal information databank systems, (2) maintenance of information confidentiality in statistical and research databases, and (3) implementation of data security techniques against malicious users and external penetrators. Although the Privacy Act of 1974 was an important advance in protecting the rights of data subjects, further legislation is needed. Extension of the Code of Fair Information Practices to include databanks in nongovernmental establishments is clearly the next move. Until some of the pending bills to provide statutory confidentiality protection to identifiable personal information in databanks can be enacted, technical and procedural protective measures must be used. Sensitive information in online, shared, or integrated databanks may require all the known protective features and more. The authors conclude that "extremely sensitive information should not be stored in any contemporary resource-sharing computerized databank system."