Comprehensive Right to Privacy Act

Comprehensive Right to Privacy Act - Requires that any organization of State or local government maintaining an information system that includes personal information shall: (1) collect, maintain, use, and disseminate only personal information necessary to accomplish a proper purpose of the organization; (2) collect information to the greatest extent possible from the data subject directly; (3) maintain information in the system with accuracy, completeness, timeliness, and pertinence as necessary to assure fairness in determinations relating to a data subject; (4) make no dissemination to another system or any individual other than the data subject without specifying requirements for security and the use of information exclusively for the purpose set forth in the notice required under this Act; (5) maintain a complete and accurate record, including identity purpose, and date, of every access to any personal information in a system by persons or organizations not having regular access authority; and (6) collect no personal information concerning the political or religious beliefs, affiliations, and activities of data subjects maintained by any government agency unless expressly authorized by statute.

Prohibits any State or local government from requiring individuals to disclose for statistical purposes any personal information unless such disclosure is required by a constitutional provision or Act of Congress, and the individual is so informed.

Requires any organization maintaining or proposing to establish an information system for personal information to: (1) give notice of the existence and character of each existing system once a year to the Federal Privacy Board; (2) give public notice of the existence and character of each existing system each year; and (3) assure that such public notice specifies the categories of data maintained, and the categories of all information sources, a description of types of use made of information, and the procedures whereby an individual can gain access to such information and contest its accuracy and the necessity for its retention.

Requires any organization maintaining personal information to inform an individual asked to supply personal information whether he is legally required, or may refuse, to supply the information requested, and also of any specific consequences, which are known to the organization, of providing or not providing such information.

Permits data subjects who dispute information about themselves to have such disputed information noted as being disputed when such information about him is disseminated. Requires, upon request, corrections in information to be sent to past recipients of information.

Directs organizations maintaining information to inform, within two years and each year thereafter, individuals on whom data is stored of its content and where a copy of such data may be obtained.

Sets forth exemptions to the provisions of this Act.

Makes it unlawful for any organization to require an individual to disclose or furnish his social security account number, for any purpose in connection with any business transaction unless the disclosure or furnishing of such number is specifically required by Federal law.

Establishes the Federal Privacy Board whose five members shall be appointed by the President.

Directs the Board to: (1) publish an annual Data Base Directory of the United States containing the name and characteristics of each personal information system covered by this Act; (2) make rules to assure compliance with this Act; (3) upon the determination of a violation of a provision of this Act or regulation promulgated under the Act, and after opportunity for a hearing, order the organization violating such provision to cease and desist such violation; and (4) conduct open, public hearings on all petitions for exceptions or exemptions from provisions, application, or jurisdiction of this Act.

States that any individual or organization or responsible officer of an organization who willfully: (1) keeps an information system without having notified the Federal Privacy Board; or (2) issues personal information in violation of this Act; or (3) solicits, uses, or otherwise acquires information in violation of this Act shall be fined not more than $10,000 in each instance or imprisoned not more than five years, or both.

Provides that any person, system, or agency which violates the provisions of the Act, or any rule, regulation, or order issued thereunder, shall be liable to any person aggrieved thereby.