Data is often encumbered by restrictions on the ways in which it may be used. These restrictions on usage may be determined by statute, by contract, by custom, or by common decency, and they are used to control collection of data, diffusion of data, and the inferences that can be made over the data. In this paper, we present a data-purpose algebra that can be used to model these kinds of restrictions in various different domains. We demonstrate the utility of our approach by modeling part of the Privacy Act (5 USC §552a)1 , which states that data collected about US citizens can be used only for the purposes for which it was collected. We show (i) how this part of the Privacy act can be represented as a set of restrictions on data usage, (ii) how the authorized purposes of data flowing through different government agencies can be calculated, and (iii) how these purposes can be used to determine whether the Privacy Act is being enforced appropriately.