A law now in effect in the United States requires protection of individual privacy in computerized personal information record-keeping systems maintained by the federal government. Similar laws apply in certain state and local governments. Legislation has also been introduced to extend the requirements for privacy protection to the private sphere. Central in privacy protection are the rights of an individual to know what data are maintained on him, challenge their veracity and relevance, limit their nonroutine use or dissemination, and be assured that their quality, integrity, and confidentiality are maintained. In all computer systems that maintain and process valuable information, or provide services to multiple users concurrently, it is necessary to provide security safeguards against unauthorized access, use, or modifications of any data file. This difficult problem has not yet been solved in the general case. Computer systems must also be protected against unauthorized use, disruption of operations, and physical damage. The growing number of computer applications involving valuable information or assets plus the growing number of criminal actions directed against computer applications and systems or perpetrated by using computers underscore the need for finding effective solutions to the computer security problem. In the future, concerns for privacy and security must become integral in the planning and design of computer systems and their applications.