Understanding Your Rights Under the Privacy Act
Quick Answer
The Privacy Act is specifically a federal government accountability law, not a broad consumer privacy law. It gives citizens rights over their information held by federal agencies, the IRS, SSA, VA, federal law enforcement, and others. Understanding what it covers, and what it does not, helps you know when and how to use it.
What the Privacy Act Covers
The Privacy Act of 1974 applies to records held by federal executive branch agencies. It gives you the right to:
- Access your records: Request to see personal information an agency holds about you
- Request corrections: Ask an agency to amend inaccurate, incomplete, or irrelevant records
- Know how your information is used: Agencies must publish a System of Records Notice (SORN) describing what personal information they collect and how it is used
- Limit disclosure: Agencies generally cannot share your records with other agencies or outside parties without your consent, with specified exceptions
What the Privacy Act Does Not Cover
The Privacy Act does not apply to:
- Private companies (banks, retailers, social media, data brokers)
- State and local government agencies
- Congress or the courts
- Private individuals
Private sector data collection is regulated by a patchwork of other laws: FCRA (credit reporting), HIPAA (healthcare), COPPA (children's data), GLBA (financial), and various state privacy laws.
How to Request Your Federal Records
To access records a federal agency holds about you, submit a written Privacy Act request to the agency's Privacy Act officer or FOIA office.
Your request should include:
- A clear statement that you are making a Privacy Act request
- Your full name, date of birth, and any relevant identifiers (Social Security number may be required for some agencies)
- A description of the records you are seeking
- Proof of identity (agencies can require notarised verification or a signed declaration)
- Your contact information
Most agencies have online portals or specific instructions for submitting requests. Consult the agency's website directly.
Response time: Agencies must acknowledge requests within 10 business days and respond within a reasonable time. If an agency denies access, you have the right to appeal internally and then to federal court.
Requesting Corrections to Federal Records
If you find inaccurate information in your federal records, submit a written amendment request to the same Privacy Act officer. Explain what is incorrect and provide documentation supporting the correction.
If the agency refuses, you can appeal the denial, and ultimately litigate in federal court. You can also request that a statement of disagreement be added to your file.
IRS Records
To access your IRS tax records, request a tax transcript at IRS.gov/get-transcript or call 1-800-908-9946. For broader IRS records under the Privacy Act, submit a request to IRS Privacy, Governmental Liaison, and Disclosure at the address found on IRS.gov.
Social Security Records
To access your SSA earnings record and benefit information, create a my Social Security account at ssa.gov. For records requests under the Privacy Act, contact SSA at 1-800-772-1213 or visit ssa.gov/privacy.