Scott & Scott | Software Compliance Counsel


The Fair Information Practice Principles

The Fair Information Practice Principles (the “Principles”) were first enumerated by the U.S. Department of Health, Education, and Welfare in 1973. In the 30 years since the Principles were formulated, they have become the basis for many privacy laws in the United States, Canada, Europe, and other parts of the world. The Principles are designed to provide a framework for the collection and use of personal information.
The original Principles consisted of the following eight guidelines:


  • Openness - Data policies should be open and clear and the entity or person controlling the data should be easily identifiable.

  • Collection Limitation - Collection of personal data should be limited and obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

  • Purpose Specification - The purpose for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

  • Use Limitation - Personal data should not be disclosed, made available or otherwise used for purposes other than those specified as described above, except with the consent of the data subject or by the authority of law.

  • Data Quality - Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete, relevant and kept up-to-date.

  • Individual Participation - An individual should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; c) to be given reasons if a request is denied and to be able to challenge such denial; and d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.

  • Security Safeguards - Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

  • Accountability - A data controller should be accountable for complying with privacy measures.

The FTC currently articulates five core Principles: notice/awareness, choice/consent, access/participation, integrity/security, and enforcement/redress. Many of the current federal regulations related to privacy contain these five Principles.


About

This page contains a single entry from the blog posted on July 3, 2007 3:40 PM.
