Appeal from the United States District Court for the District of Columbia (No. 94cv00189)
Before: Wald, Ginsburg and Henderson, Circuit Judges.
FOR THE DISTRICT OF COLUMBIA CIRCUIT
Opinion for the Court filed by Circuit Judge Wald.
The issue in this case is whether the Department of Commerce's Advanced Technology Program ("ATP") maintains a "system of records" containing "records" about appellee Wanda Henke, within the meaning of the Privacy Act, 5 U.S.C. Section(s) 552a (1994) ("Act"). Henke is the President and co-owner of Dynamic In Situ Geotechnical Testing, Inc. ("Dynamic")-a company which develops earthquake engineering technology. Between 1990 and 1992 Dynamic submitted three applications for competitive high-technology grants from the ATP, each of which was reviewed by technology and business experts as well as members of the ATP staff, and each of which was denied funding. Although the ATP provided Henke with oral summaries of the reviewers' comments, it declined to release copies of the actual reviews or evaluations. Henke then filed a request under the Privacy Act, seeking disclosure of the reviews. The ATP continued to refuse to disclose the reviews, claiming that it did not maintain a "system of records" within the meaning of the Privacy Act, because it did not systematically file and retrieve information about individuals which was indexed by their names. Henke, however, argued that the ATP's groups of paper files and computer databases fell within the Act's definition.
Under the ATP's computer system, when grant proposals are received, an ATP employee enters administrative information (e.g., name of company, address, telephone number, e-mail address, technology area of the proposal, name of contact person) into a database for that proposal. In each of Dynamic's three proposals, Henke had listed herself as Dynamic's contact person, and her name was entered in that field. Henke thus argued that a system of records existed because it was possible for an ATP employee to enter "Wanda Henke" into the computer, have the computer search for every proposal in which Henke was listed as a contact person, and then use the proposal numbers to go into the ATP's file room, find those proposals, and obtain information which was arguably "about" Henke (since she happened to be one of two scientists at Dynamic). The ATP acknowledged that while it could theoretically retrieve information this way, it did not in practice use the system that way, but instead used the computer databases for routine administrative purposes, such as organizing the peer reviews by the type of technology involved.
The district court, however, agreed with Henke that the ATP's retrieval capability was sufficient to create a system of records keyed to individuals. It ruled that while the text of the Privacy Act was inconclusive on the retrieval capability point, the Act's legislative history and policies supported an expansive view of "system of records." We find, however, that not only is Henke's position contrary to the plain language of the Privacy Act, but that it is also inconsistent with the policies underlying the Act. We hold therefore that in the case of a program like the ATP which does not have an investigatory function, which obtains the names of individuals only as an administrative adjunct to a grant-making program focusing on businesses, and which has presented evidence that it does not in practice use its system to retrieve information keyed to individuals, a "system of records" does not exist with respect to those individuals. Accordingly, we vacate the judgment of the district court, and remand for the district court to enter summary judgment in favor of the Department of Commerce.
The Privacy Act of 1974 "safeguards the public from unwarranted collection, maintenance, use and dissemination of personal information contained in agency records ... by allowing an individual to participate in ensuring that his records are accurate and properly used." Bartel v. F.A.A., 725 F.2d 1403, 1407 (D.C. Cir. 1984). To that end, the Act requires any agency which maintains a "system of records" to publish at least annually a statement in the Federal Register describing that system. *fn1 Such notice must include, among other things, "the name and location of the system," the "categories of individuals on whom records are maintained in the system," the "categories of users and purposes of their use," and "the policies and practices of the agency regarding storage, retrievability, access controls, retention, and disposal of the records." 5 U.S.C. Section(s) 552a(e)(4). In addition, any agency which maintains a system of records must upon request by any individual to gain access to his record or to any information pertaining to him which is contained in the system, permit him ... to review the record and have a copy made of all or any portion thereof in a form comprehensible to him....
5 U.S.C. Section(s) 552a(d)(1).
The Privacy Act-unlike the Freedom of Information Act-does not have disclosure as its primary goal. Rather, the main purpose of the Privacy Act's disclosure requirement is to allow individuals on whom information is being compiled and retrieved the opportunity to review the information and request that the agency correct any inaccuracies. See 5 U.S.C. Section(s) 552a(d)(2) (permitting individual to request amendment of her record due to inaccurate, irrelevant or incomplete information). *fn2 Agencies are, however, authorized to promulgate rules to exempt certain records within a system from disclosure, such as "investigatory material compiled for law enforcement purposes ... [or] investigatory material compiled solely for the ...