The Privacy Act of 1974 (5 U.S.C. § 552a) does not apply to the provisions of O.C.G.A. § 40-5-28, which authorize the Department of Public Safety to require, as a condition of licensing, that applicants submit to fingerprinting.
This unofficial opinion is issued in response to the questions that you have raised concerning the interplay of the Privacy Act of 1974 (5 U.S.C. § 552a) and O.C.G.A. §§ 40-5-28, 40-5-100, and 40-5-171. These Sections of the Georgia Code provide that, as a condition precedent to the issuance of a driver’s license or identification card, the Georgia Department of Public Safety may require the applicant to submit to fingerprinting. You note that the Privacy Act contains a definition of the term “record” which includes fingerprints. 5 U.S.C. § 552a(a)(4) (1996). You further note that the Act contains a set of requirements in 5 U.S.C. § 552a(e) that limit the information that may be maintained by an agency and require that the agency make certain disclosures to the person who is the subject of a record about the purposes for which the information is sought and how it will be used. You pose two questions with respect to these provisions.
First, is the fingerprinting requirement “relevant and necessary to accomplish the purpose of the agency?” The analysis must begin with the acknowledgment that the Privacy Act as a whole generally applies only to the federal government, not to state agencies. Indeed, the definition of the term “agency” simply refers the reader to the Administrative Procedure Act. 5 U.S.C. § 552(a)(1) (1996). That Act’s definition of “agency” is clearly limited to the federal government. 5 U.S.C. § 552(f)(1) (1996). See also Ortez v. Washington County, 88 F.3d 804, 810 (9th Cir. 1996) .
Thus, the provisions applicable to records which, as you note, include fingerprints, are applicable solely to the federal government, except in limited situations when a state agency has obtained the records from the federal government. With respect to your questions, the fingerprints are not federal records, but are obtained and maintained by the State of Georgia. Thus, the Privacy Act of 1974 does not apply to this activity by the Department of Public Safety, and the limitations upon the maintenance of records found in the Privacy Act do not apply to the Department.
Second, you ask whether or not the disclosures found in 5 U.S.C. § 552a(e) must be made by the Department of Public Safety prior to requesting fingerprints from an applicant. That provision is applicable to agencies. Again, as the records in question are state, rather than federal, records, and the agency in question is a state agency, this provision has no application to the Department of Public Safety.
In sum, the Privacy Act of 1974 does not apply to the referenced provisions of the Georgia Code because the fingerprints collected by the Department of Public Safety are state, rather than federal, records to which the Act by its own terms does not apply.
NEAL B. CHILDERS
Senior Assistant Attorney General
There is one exception to this limitation: with respect to a request for a person’s Social Security number, the Act’s provisions limiting its use and requiring certain disclosures are also obligatory upon the states. See, e.g., 1997 Op. Att’y Gen. U97-2.