What is the Privacy Act?

Last Modified: March 24, 2024
Woman working on a laptop

The Privacy Act is one of the key legislative acts governing the protection of records maintained on individuals. The Privacy Act established safeguards for the protection of records that the Federal government collects and maintains on United States citizens and individuals who have been lawfully admitted for permanent residence.

About the Privacy Act

The Privacy Act allows individuals to:

  • Seek access to records retrieved by their name and personal identifier;
  • Seek the amendment of any inaccurate information;
  • Provide written authorization for representatives to act on their behalf.

APHIS is committed to the Fair Information Practice Principles:

  • APHIS will disclose why information is being collected and how it will be used;
  • APHIS will use records only for the reasons given, or the agency must seek the person’s permission when another purpose for the records’ use is considered necessary or desirable;
  • APHIS will only maintain what is needed to accomplish agency business;
  • APHIS will provide adequate safeguards to protect the record from unauthorized access and disclosure;
  • APHIS will publish any new, revised, or deleted system notices in the Federal Register;
  • APHIS will ensure that information is accurate, relevant, and complete; and
  • APHIS will provide individuals with the opportunity to correct inaccuracies in their record.

The Privacy Act binds only Federal agencies and covers only records in the possession and control of Federal agencies.

Exemptions to the Privacy Act

The Privacy Act generally provides that any eligible person has a right of access to Federal agency records in which that person is a subject, except to the extent that such records (or portions thereof) are protected from disclosure by one of ten exemptions. When a portion of a record is withheld from public release, the subsection of the Privacy Act law describing that exemption or exemptions may be found in the margin next to or directly on top of where the withheld text would have been found. The list below describes the type of material withheld under each subsection of the Privacy Act. The exact language can be found in the Privacy Act.

Ten Exemptions

  1. Exemption (d)(5): Information compiled in reasonable anticipation of civil action or proceeding; self-executing exemption.
  2. Exemption (j)(1): CIA records (information concerning polygraph records, sources and methods to gather intelligence -- including the facilities, organization, functions, names, officials titles, salaries, or numbers of personnel employed by the Agency -- and documents or information provided by foreign governments).
  3. Exemption (j)(2): Principal function criminal law enforcement agency; records compiled during course of criminal law enforcement proceeding.
  4. Exemption (k)(1): Classified information under an Executive Order in the interest of national defense or foreign policy.
  5. Exemption (k)(2): Non-criminal law enforcement records; criminal law enforcement records compiled by non-principal function criminal law enforcement agency; coverage is less broad where individual has been denied a right, privilege, or benefit as result of information sought.
  6. Exemption (k)(3): Pertain to the protection of the President of the United States or other individual pursuant to section 3056 of Title 18.
  7. Exemption (k)(4): Required by statute to be maintained and used solely as statistical records.
  8. Exemption (k)(5): Investigatory material used only to determine suitability, eligibility, or qualifications for Federal civilian employment or access to classified information when the material comes from confidential sources.
  9. Exemption (k)(6): Testing or examination material used to determine appointment or promotion of Federal employees when disclosure would compromise the objectivity or fairness of the process.
  10. Exemption (k)(7): Military evaluative records (similar to (k)(5)).


What are the Exceptions to Disclosure?

The Privacy Act prohibits the disclosure of a record about an individual from a system of records absent the written consent of the individual (“No Disclosure Without Consent”), unless the disclosure is pursuant to one of twelve statutory exceptions.

Conditions of Disclosure to Third Parties

The “No Disclosure Without Consent” rule states that “No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains [subject to the 12 exceptions].” 5 U.S.C. § 552a(b).

Twelve exceptions to the “No Disclosure Without Consent” rule are:

  1. 5 U.S.C. § 552a(b)(1) ("need to know" within agency)
  2. 5 U.S.C. § 552a(b)(2) (required FOIA disclosure)
  3. 5 U.S.C. § 552a(b)(3) (routine uses)
  4. 5 U.S.C. § 552a(b)(4) (Bureau of the Census)
  5. 5 U.S.C. § 552a(b)(5) (statistical research)
  6. 5 U.S.C. § 552a(b)(6) (National Archives)
  7. 5 U.S.C. § 552a(b)(7) (law enforcement request)
  8. 5 U.S.C. § 552a(b)(8) (health or safety of an individual)
  9. 5 U.S.C. § 552a(b)(9) (Congress)
  10. 5 U.S.C. § 552a(b)(10) (General Accounting Office)
  11. 5 U.S.C. § 552a(b)(11) (court order)
  12. 5 U.S.C. § 552a(b)(12) (Debt Collection Act)

Source: Overview of the Privacy Act of 1974 (2015 Edition), Department of Justice, Office of Privacy and Civil Liberties.