Computer technology ought to be among the most helpful and useful of any technology, but if it is not treated with care, the society will be worse off for it. The Federal Privacy Act of 1974 established the Privacy Protection Study Commission whose business started in June, 1975. In examination of the private sector, the commission's recommendations reflected three broad principles: (1) recordkeeping practices should minimize intrusiveness of collection to the individual, (2) recordkeeping practices should maximize the fairness with which decisions about people are made, and (3) there should be legitimate and enforceable expectation of confidentiality with respect to the records that are maintained about an individual. Implementation of the Privacy Act can be accomplished by amending existing laws (notably the Federal Credit Reporting Act) and by enactment of new legislation. To implement security precautions in responding to privacy, it is important to utilize good information management practices with tight controls on the use of information. Future systems will need to control access at the "data element" level to insure privacy in exchange of records among automated recordkeeping systems. Discussion is based on recordkeeping practices in the areas of credit granting, depository, education, medical, insurance, research and statistics, investigatory, employment, tax records, and mailing lists. (JEG)