1. The Principle of Openness

The existence of record-keeping systems and databanks that contain personal data must be publicly known, along with a description of the main purpose and uses of the data.

2.The Principle of Individual Participation

Individuals should have a right to view all information that is collected about them; they must also be able to correct or remove data that is not timely, accurate relevant, or complete.

3. The Principle of Collection Limitation

There should exist limits to the collection of personal data; data should be collected by lawful and fair means and should be collected, where appropriate, with the knowledge or consent of the subject.

4. The Principle of Data Quality

Personal data should be relevant to the purposes for which it is collected and used; personal data should be accurate, complete, and timely.

5. The Principle of Finality

There should be limits to the use and disclosure of personal data: data should be used only for purposes specified at the time of collection; data should not be otherwise disclosed without the consent of the data subject or other legal authority.

6. The Principle of Security

Personal data should be protected by reasonable security safeguards against such risks as loss, unauthorized access, destruction, use, modification or disclosure.

7. The Principle of Accountability

Record keepers should be accountable for complying with fair information practices.

This formulation of a code of fair information practices is derived from several sources, including codes developed by the Department of Health, Education, and Welfare (1973), Organization for Economic Cooperation and Development (1980), and Council of Europe (1981).

Next set of Fair Information Practices: HEW Code of Fair Information Practices

Back to Chapter Two: Privacy Basics