adam's notes

Voluntary Agreements as a Source of Privacy Law

  • People must understand their privacy choices in order to protect their data
  • Governments and organizations must understand the information that they need to provide

Fair Information Practice Principles

  • Organizations use fair information practice principles to help specify how they collect and use data
    • not legally required to follow these principles
    • use this to make sure they are properly informing people about their data collection practices
    • developed by U.S. Department of Health, Education, and Welfare in 1973
      • because there was no federal law that protected personal data
    • formed the basis for the Privacy Act of 1974

Principles

  • no secret record-keeping systems
  • individuals have a way to find out if information is collected about them, because individuals must have a way to correct inaccurate data

Seal Programs

  • Organizations often choose to regulate themselves to keep governments from making laws that would limit their behavior
  • Organizations can participate in a seal program to show their compliance with fair information practice principles
    • run by a trusted third-party organization
    • verifies that an organization meets industry-recognized privacy practice
    • If the organization meets the required standards, then it is allowed to display a privacy seal on its website
    • The seal is used to signify a trustworthy organization
    • E.g., WebTrust, TRUSTe, Better Business Bureau

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

  • extension of the 1973 fair information practices
  • guides privacy legislation for Organization for Economic Cooperation and Development (OECD) members
    • established in 1961 to promote a market economy
  • revised in 2013

8 Privacy Principles

  • The Collection Limitation Principle
    • Individuals must know about and consent to the collection of their data
    • sometimes known as the data minimization principle
  • The Data Quality Principle
    • Any data collected must be correct
  • The Purpose Specification Principle
    • purpose for data collection should be stated to individuals before their data is collected
  • The Use Limitation Principle
    • Data should be used only for the purposes stated when it was collected
  • The Security Safeguards Principle
    • collected data must be protected from unauthorized access
  • The Openness Principle
    • People can contact the entity collecting their data to discover where their personal data is collected and stored
    • sometimes known as the data transparency principle
  • The Individual Participation Principle
    • People must know if data about them has been collected
    • must have access to their collected information
  • The Accountability Principle
    • entity collecting data must be held accountable for following the privacy principles

Graph View

Backlinks