Government Data Bank Right to Privacy Act

Government Data Bank Right to Privacy Act - Requires that any organization of Federal, State, or local government maintaining an information system that includes personal information shall: (1) collect, maintain, use, and disseminate only personal information necessary to accomplish a proper purpose of the organizationa; (2) collect information to the greatest extent possible from the data subject directly; (3) maintain information in the system with accuracy, completeness, timeliness, and pertinence as necessary to assure fairness in determinations relating to a data subject; (4) make no dissemination to another system without specifying requirements for security and the use of information exclusively for the purposes set forth in the notice required under this Act; (5) maintain for a reasonable time related to the purposes of the particular system a complete and accurate record, including identity and purpose, of every access to any personal information in a system; and (6) collect no personal information concerning the political or religious beliefs, affiliations, and activities of data subjects unless expressly authorized by statute.

Prohibits any Federal agency from requiring any individual to disclose for statistical purposes any personal information unless such disclosure is required by a constitutional provision or Act of Congress, and the individual is so informed.

Requires any organization maintaining or proposing to establish an information system for personal information to: (1) give notice of the existence and character of each existing system once a year to the Federal Privacy Board; (2) give public notice of the existence and character of each existing system each year, in the case of Federal organizations in the Federal Register, or in the case of other organizations in local or regional printed media likely to bring attention to the existence of the records to data subjects; (3) assure that such public notice specifies the categories of data maintained, and the categories of all information sources, a description of types of use made of information, and the procedures whereby an individual can gain access to such information and contest its accuracy and the necessity for its retention; and (4) prepare and publish a privacy impact statement describing the consequences to the individual, including his rights, privileges, benefits, detriments, and burdens, of the proposed data system, or in the case of an existing system, any proposed expansion.

Requires any organization maintaining personal information to inform an individual asked to supply personal information whether he is legally required, or may refuse, to supply the information requested, and also of any specific consequences which are known to the organization, of providing or not providing such information.

Requires data subjects which dispute information about them to have such disputed information disseminated when other information about him is disseminated. Requires, upon request, corrections in information to be sent to past recipients of information,

Directs organizations maintaining information to inform, within two years and each year thereafter, individuals on whom data is stored of its content and where a copy of such data may be obtained.

Allows the President to exempt organizations from requirements of this Act in the interest of national defense.

Makes it unlawful for any organization to require an individual to disclose or furnish his social security account number, for any purpose in connection with any business transaction, because such individual does not disclose or furnish such number unless the disclosure or furnishing of such number is specifically required by Federal law.

Establishes the Federal Privacy Board in the Government Accounting Office, whose five members shall be appointed by the Comptroller General of the United States.

Directs the Board to: (1) publish an annual Data Base Directory of the United States containing the name and characteristics of each personal information system covered by this Act; (2) make rules to assure compliance with this Act; (3) upon the determination of a violation of a provision of this Act or regulation promulgated under the Act, and after opportunity for a hearing, order the organization violating such provision to cease and desist such violation; and (4) conduct open, publc hearings on all petitions for exceptions or exemptions from provisions, application, or jurisdiction of this Act.

States that any organization or responsible officer of an organization who willfully keeps an information system without having notified the Federal Privacy Board; or issues personal information in violation of this Act shall be fined not more than $10,000 in each instance or imprisoned not more than five years, or both.

Provides that any person, system, or agency which violates the provisions of the Act, or any rule, regulation, or order issued thereunder, shall be liable to any person aggrieved thereby.