FIPs: Rights of Individuals
- Notice of privacy policies and procedures, and purpose for processing
- Choice and Consent - especially to other data controllers
- Access - for review and update
FIPs: Controls on the Information
- Information Security
- Information Quality - accurate, complete and relevant
FIPs: Information Lifecycle
- Collection: Only for purpose identified.
- Use - Limited to identified purposes consented to.
- Retention - Only for as long as necessary to fulfill purposes.
- Disclosure - Only for identified purposes and with consent.
FIPs: Management
- Management and Administration - Define, document, communicate, and assign accountability for privacy policies/procedures.
- Monitoring and enforcement - Monitor compliance and address complaints and disputes.
US HEW FIPs, 1973
There must be no personal data record-keeping systems whose very existence is secret
There must be a way for a person to find out what information about the person is in a record and how it is used
There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the individual’s consent
There must be a way for a person to correct or amend a record of identifiable information about the person
Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for its intended use and must take precautions to prevent misuse of the data
OECD Guidelines, 1980
- Most widely recognized FIPs framework.
- Endorsed by FTC
- Principles
Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of
the data subject.
Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except: (a) with the consent of the data subject or (b) by the authority of law.
Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle. An individual should have the right: (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him, within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, and in a form that is readily intelligible to him; (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.
Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.
Convention 108, 1981
- Broadly similar to OECD.
- Important contributor to European data protection laws in 1980s and 1990s.
- Added concepts like:
Special categories of data not to be automatically processed: race, politics, religion, health, sex life, health, criminal conviction.
Adapt security measures for particular function and risks.
Transborder data flows should not be inhibited by privacy laws except with respect to special categories of personal data.
Store data in form that permits identification for no longer than needed.
APEC Framework, 2004
- Generally mirror OECD, while being more explicit, especially regarding exceptions.
- Key additions:
Preventing harm - take account of risk of harm and remedial measures should be proportional to that risk.
- Notice - more specific and at time of collection- fact of collection, purpose, types or org disclosed to, identity of controller and who to contact, choices of data subject for limiting use/disclosure and for accessing/correcting.
- Use of PI limited to purpose collected for; compatible uses to that purpose; with consent; when necessary to provide product or service requested; by authority of law.
- Security safeguards proportional to likelihood and severity of harm, sensitivity of information, and context in which it is held. Also, safeguards should be periodically reviewed.
- Access and Correction - Data subjects able to make requests for what is held on them, unless burden unreasonable, legal restriction, or violate others privacy.
- Accountability for forward disclosure - either consent or flow down obligations.
Madrid Resolution, 2009
- Purposes was to define a set of principles and rights guaranteeing (i) the effective and internationally uniform protection of privacy WRT personal data processing; (ii) facilitation of international flows of personal data needed in a globalized world.
- Basic principles
Lawfulness and fairness of processing (non-discrim.)
Purpose specification: Limit processing to purpose and compatible, otherwise consent.
Proportionality: Processing proportional to purpose, minimum necessary.
Data quality - accurate, updated, complete. Retain only as long as necessary.
Openness: Transparency like APEC. Provided in clear and plain language, especially WRT minors.
Accountability - To data subjects and data authorities.
