Fair Information Principles
A robust privacy program is organized, at a high level, around fair information principles. The Federal Trade Commission (FTC) identifies these principles as:
- Notice/Awareness (to the individual about information collected, maintained and used by the entity)
- Choice and Consent (on the part of the individual about that information, including whether it is collected in the first instance and how and under what circumstances it is disclosed to third parties)
- Access/Participation (whether the individual has access to that information and the ability to correct any mistakes)
- Integrity/Security (the administrative, technical and physical safeguards of the information, including notice if the information is breached)
- Enforcement/Redress (legal, policy, contractual or ethical)
Fair Information Practices
Well-established practices, standard across industry and government, define these principles. The parentheses next to the principles above allude to those practices, but the nine listed below, taken from privacy expert Richard Gellman's seminal article on the subject, flesh out the meaning of these practices.
- Information should be regarded as held for a specific purpose and not to be used, without appropriate authorization, for other purposes.
- Access to information should be confined to those authorized to have it for the purpose for which it was supplied.
- The amount of information collected and held should be the minimum necessary for the achievement of the specified purpose.
- In computerized systems handling information for statistical purposes, adequate provision should be made in their design and programs for separating identities from the rest of the data.
- There should be arrangements whereby the subject could be told about the information held concerning him.
- The level of security to be achieved by a system should be specified in advance by the user and should include precautions against the deliberate abuse or misuse of information.
- A monitoring system should be provided to facilitate the detection of any violation of the security system.
- In the design of information systems, periods should be specified beyond which the information should not be retained.
- Data held should be accurate. There should be machinery for the correction of inaccuracy and the updating of information. Care should be taken in coding value judgments.