Whether its through sending emails or using Facebook, paying taxes or paying bills, Internet users are increasingly managing multiple online identities. And as information-gathering technology improves, more activities of daily life go online, and governments seek to bolster their capacity to identify individuals, questions surrounding how to manage individual identity have mounted. A major goal of many identification and authentication efforts is to prevent illegal activity or enhance security. But the technologies – such as databases, machine-readable ID cards, and online accounts – that are playing an ever more important role in these systems also create significant privacy risks. To mitigate these risks, it is essential that identity systems be designed with effective privacy and security measures. Incorporating such protections at the very beginning will help achieve the goals of identity systems. To this end, CDT has developed ten privacy principles to guide government and commercial entities in developing programs or systems for the creation, authentication, and use of identity.